A ransomware infection targeting cloud IT provider Ongoing Operations has caused disruptions for approximately 60 credit unions across the United States, impacting services they rely on from the affected vendor.
The National Credit Union Administration (NCUA), responsible for regulating and insuring these financial organizations, confirmed the incident, emphasizing that member deposits in affected federally insured credit unions are covered by the National Credit Union Share Insurance Fund up to $250,000.
Ongoing Operations, a provider owned by Trellance delivering disaster recovery solutions, remote virtual desktops, and hosted applications, disclosed the attack, believed to have occurred via the Citrix Bleed vulnerability. The vendor engaged third-party experts and notified law enforcement following the discovery of the sophisticated ransomware attack on November 26, 2023.
Although investigations are ongoing, there is currently no evidence of data misuse. However, several credit unions experienced system downtime due to the attack, including Mountain Valley Federal Credit Union in northern New York, impacting operations nationwide.
Mountain Valley’s CEO, Maggie Pope, assured members that while their information remained unaffected, Trellance was transitioning to a new server system in response to the incident, working tirelessly with FedComp to restore services for multiple affected credit unions across the country.
Despite attempts to reach out for comments, responses from the involved parties, including Trellance, Ongoing Operations, and FedComp, were unavailable. The NCUA has escalated the matter, notifying the US Treasury Department, CISA, and the FBI about the cyber incident.