California-based Patelco Credit Union, one of the largest credit unions in the U.S., has suffered from a ransomware attack that has prevented some customers from accessing their funds.

According to a status update on Tuesday, Patelco, the ransomware attack took place on June 29 and resulted in the credit union proactively shutting down its day-to-day banking systems in order to contain the attack and remediate the issue. Although services have been gradually returned and customers can now access cash and some services, Patelco warned customers that as it restore its systems, customers may experience intermittent outages, including at ATMs.

A local media outlet in San Francisco reported that customers complained on Monday that they were scared the credit union may go “belly-up” and wondered when they’d be able to access all of their funds.

The credit union did not disclose the form of a ransomware attack and no ransomware group has publicly claimed responsibility. Patelco did tick off the standard ransomware response list, including hiring third-party experts, contacting law enforcement and informing customers.

It’s also currently unknown if the ransomware attack was a double-tap attack, one in which data was stolen along with being encrypted. In this type of attack, the ransomware operator threatens to publish stolen data if a ransom is not paid. Given that Patelco is a financial services provider, any data stolen could have high value on the black market.

Discussing the news, Scott Weinberg, chief executive officer of managed information technology service provider Neovera Inc., told SiliconANGLE that Patelco has so far reacted in the right way with its response to dealing with the ransomware attack.

“Kudos to Patelco for proactively shutting down several of its customer-facing banking systems while it assesses the impact of the recent ransomware attack,” Weinberg said. “While it’s too soon to tell how hackers gained access to the network, it’s an important wakeup call to community, regional and credit union banking organizations nationwide – especially ahead of the holiday weekend.”

The attack on Patelo comes after Evolve Bank & Trust, a financial institution popular with fintech startups, disclosed it had suffered from a cyberattack on June 26.

Dan Lattimer, vice president at Active Directory security and recovery firm Semperis Techology Inc., noted that “while the ripple effect at Patelco is likely smaller in scale than Evolve due to its regional footprint, it’s a stark reminder that bad actors are increasingly targeting small, midmarket and large financial and banking institutions for the volume of sensitive financial information they process daily.”

“While there’s no silver bullet in cybersecurity, organizations must identify their business-critical systems (such as Active Directory) and monitor them for unauthorized and anomalous changes,” Lattimer added. “Rolling out security awareness training to employees and establishing robust incident response plans are also critical. Patelco clearly had the latter in place, as it proactively shut down several of its customer-facing banking systems to assess and contain the impact of the hack.”

Photo: Patelco Credit Union