This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
New Citrix Bleed ransomware threat hits many credit unions
Ransomware groups are leveraging new attacks using the Citrix Bleed vulnerability.
Late last week saw more than 60 credit unions’ operations disrupted, thanks to a common technology services provider’s unpatched Netscaler servers. Representatives from the National Credit Union Administration confirmed the outage happened in a post for The Register over the weekend.
The provider is Trellance Cooperative Holdings Inc. It owns two different providers, one called Ongoing Operations LLC and the other called Fedcomp. Both of them told their respective customers of outages affecting their systems. The former sent out a note on Dec. 2 about an “ongoing cyber security incident” that happened on Nov. 26. Fedcomp posted and then removed notice about a potential incident and didn’t respond to reporters’ inquiries.
“Trellance and FedComp have been working around the clock to get our systems along with other credit unions around the country that have experienced the same issue back online,” Maggie Pope, chief executive of the Mountain Valley Federal Credit Union in Peru, New York, wrote in a memo to its members last week.
A post from cybersecurity researcher Kevin Beaumont claims that the issues had to do with Citrix Bleed, which he claims attacked two of Ongoing Operations Netscaler servers that hadn’t been patched since this summer. Citrix Bleed was first discovered several months ago, and a patch was released by the company in October.