Pacific City Bank (PCB), one of the largest Korean-American community banking providers in America, has revealed a ransomware incident that occurred last month.
The bank is circulating notices to inform its customers of a security breach it identified on August 30, 2021, which it says it resolved quickly.
Sensitive details disclosed
PCB’s internal investigation into the incident concluded on September 7, 2021, and revealed that the ransomware actors obtained the following information from its systems:
- Loan application forms
- Tax return documents
- W-2 information for client companies
- Client company pay slips
- Full names
- Social security numbers
- Salary and tax details
As PCB clarifies, not all customers were impacted in the same way, as each customer provided different documents and details that were stored in the compromised systems.
In addition, it has not been determined whether or not this incident affects all of the bank’s customers or only a small subset. We have requested clarification from the bank, but have yet to receive a response.
Recipients of these notices are urged to remain vigilant against inbound communications and monitor their financial statements and credit reports for any signs of fraud.
Additionally, the bank offers one year of free credit monitoring and identity theft protection services through Equifax, with instructions on how to enroll included in the letters. Follow those instructions exactly to avoid being scammed by actors who might try to exploit the situation.
An AvosLocker victim
While Pacific City Bank has not disclosed the name of the ransomware group behind the September incident, AvosLocker claims responsibility for the attack and posted an entry on its data leak site.
The date of the incident is listed as September 4, 2021, so the five-day difference may just be the “grace” period of the first round of negotiations, during which ransomware actors typically avoid making any announcements.
The files eventually published on the extortion portal match what PCB has now acknowledged was compromised, so there are no discrepancies there.
AvosLocker is one of the newest ransomware operations. It appeared in the wild this summer and has been recruiting affiliates on various underground forums to join its ransomware-as-a-service (RaaS) program.
The group uses a multi-threaded ransomware strain that allows it to encrypt files quickly, while the payload is deployed manually by the attacker. Although AvosLocker uses string and API obfuscation to evade static detection, it is generally “bare” with no layer of encryption.
For more details on AvosLocker and what you can do if you are affected by this ransomware family, see our support section.