In its letter to clients, PCB said that PII and other banking information related to them were stolen. The threat actor behind the attack was AvosLocker, a relatively new ransomware group that is currently expanding.
Ransomware Hitting Pacific City Bank
Pacific City Bank is an American community bank based in California that focuses on the Korean-American community. With branches in over 8 states, it offers all the commercial banking services. Today, the bank started informing some of its clients about a ransomware attack it faced in August this year, which it spotted on 30th August. An internal investigation into the incident ended on September 7th and revealed that the following customer data was impacted:
- Loan application forms
- Tax return documents
- W-2 information of client firms
- Payroll records of client firms
- Full names
- Addresses
- Social Security Numbers
- Wage and tax details
While the bank didn’t confirm the scope of the breach, it said not all customers were impacted, since customers submitted different information for different purposes. The bank assured clients that it has addressed the situation, and it now offers a free 1-year credit and identity theft monitoring service to impacted customers through Equifax.

The threat actor behind this hack was identified as AvosLocker, a new ransomware group that is now expanding in the space. It is calling for affiliates to join, as it works on a RaaS (ransomware-as-a-service) basis. The group posted a few files belonging to Pacific City Bank on September 4th, possibly after failed negotiations. It uses a multi-threaded ransomware strain to encrypt files faster, and the payload is deployed manually. While the ransomware obfuscates some code strings and API calls, it’s still considered “naked” as it goes without a crypting layer.