Ransomware Attack Causes Outages Across 60 Credit Unions

A ransomware attack has caused outages across around 60 credit unions in the U.S., the National Credit Union Administration (NCUA) has reported.

The attack targeted an IT provider used by credit unions, bringing down several unions as a result, though the full scale and impact of the attack is not yet clear.

One of the impacted unions, New York's Mountain Valley Federal Credit Union (MVFCU), announced the issue in a letter to its members. 

"It has been brought to our attention by our data processor – FedComp Inc, that the third-party vendor of our computer operating system 'Trellance' was the victim of a ransomware attack," wrote Maggie Pope, MVFCU’s CEO. “This is not just an MVFCU issue, it is nationwide. 

“Trellance and FedComp have been working around the clock to get our systems along with other credit unions around the country that have experienced the same issue back online.”

A notice on the FedComp website (since removed) said its data center is “experiencing technical difficulties and is under a country-wide outage.”

“We are down with no ETA, but Trellance is still working on resolving the issue. There is no email support, but the Tech line is available,” the statement said.

The NCUA warned in August that it was seeing an increase in cyberattacks against credit unions, saying it urged all unions and related entities to “take immediate and comprehensive action” to protect their systems, sensitive data, and the financial well-being of their members.

Related:Cyberattack Closes Emergency Rooms in Three States

The incident is just the latest in a spate of attacks that have caused major disruptions across industries including health care, universities and hospitality, with the Biden administration saying ransomware is a “global scourge” and a national security crisis. 

Several emergency rooms were forced to divert patients over Thanksgiving weekend due to a cyberattack, while last month the University of Michigan suffered a data breach after hackers infiltrated its campus system. 

A cyberattack also took down multiple systems at MGM Resorts International properties in September and Boeing recently confirmed it was dealing with a cyber incident days after it was listed on the “victim list” of the LockBit ransomware gang.