ASHLAND, Ore.–A new report suggests the failure to install a software patch is behind the ransomware attack on a CUSO that has caused outages at approximately 60 credit unions.
As CUToday.info reported here, the compromise reportedly occurred at the Oregon-based CUSO Ongoing Operations and has affected five-dozen or so credit unions running the Fedcomp core solution. Both are subsidiaries of St. Petersburg, Fla.-based Trellance.
According to DataBreaches.net, the attackers penetrated Ongoing Operations’ through a vulnerability known as the Citrix Bleed vulnerability in Netscale, patches for which were released on Oct. 10.
The report referred to the vulnerability in Netscale as the “cybersecurity challenge of 2023.” Ongoing Operations’ two Netscaler devices remain offline, DataBreaches.net reported.
“Ongoing Operations, failed to install the patch, leading to the credit union disruptions,” DataBreaches.net reported.
Systems Remain Down
The systems at the credit unions remain down, with members and credit unions unable to check account balances. There is no evidence that member data has been compromised, according to several reports and CUToday.info’s own interviews.
As reported here, at least one credit union has been forced to turn to manual reporting in its interactions with members.
Others Also Hit
Credit unions aren’t alone in dealing with the same ransomware attack. According to DataBreaches.net, HTC Global Services, aka HTC Inc, aka Caretech — a large MSP for the healthcare sector with remote access to hospitals across the U.S., did not patch Netscaler since July and is currently being held to extortion by AlphV ransomware group, “who display stolen documents on their ransomware portal which are branded Caretech, a division of HTC.”
Your Best Holiday Shopping Offer is Here!
The biggest, best and freshest news reporting in credit unions remains free! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?