Last month, Pacific City Bank (PCB), one of America’s major Korean-American community financial service providers, disclosed a ransomware attack against the bank.
The bank is sending letters to its customers informing them of a security issue that was discovered on August 30, 2021, and which it says was quickly resolved.
On September 7, 2021, PCB’s internal investigation into what transpired was completed, and it found that ransomware perpetrators had gained access to the following data from its systems:
- Loan application forms
- W-2 information of client firms
- Wage and tax details
- Payroll records of client firms
- Tax return documents
- Full names
- Social Security Numbers
PCB says that not all clients were affected by the attack, and that the stolen data differs from client to client because each had provided different details and documents.
Furthermore, it is unknown whether this incident affects the bank’s whole customer base or only a small fraction. We contacted the bank for clarification, but have yet to get a response. Recipients of these notifications are urged to be wary of unsolicited mail and to keep an eye on their bank accounts and credit reports for signs of fraud.
In addition, the bank is providing a free one-year credit monitoring and identity theft protection service through Equifax, with information on how to sign up included in the letters. To avoid being conned by actors who may try to take advantage of the situation, follow these guidelines to the letter.
While Pacific City Bank did not name the ransomware group responsible for the September incident, AvosLocker has claimed responsibility and posted an entry on its data leak site.
The attack is listed for September 4, 2021, so the five-day gap might simply be the “grace” period of the initial negotiating round, during which ransomware perpetrators usually avoid making public statements.
Image courtesy: BleepingComputer
The data eventually uploaded to the extortion portal shows no discrepancies, since it matches what PCB has now admitted was stolen.
AvosLocker is one of the more recent ransomware operators, having emerged in the open this summer and begun soliciting affiliates to join its ransomware-as-a-service (RaaS) operation on numerous underground sites.
The gang employs a multi-threaded ransomware strain that encrypts data quickly, while the attacker deploys the payload manually. Although AvosLocker uses some text and API obfuscation to avoid static detection, it is mostly “naked,” meaning the payload itself is not wrapped in a cryptographic (crypter) layer.