Liberty First Credit Union Hit by RansomHub Ransomware Attack

Incident Date: September 19, 2024

Overview

Title: Liberty First Credit Union Hit by RansomHub Ransomware Attack

Victim: Liberty First Credit Union

Attacker: RansomHub

Location: Lincoln, Nebraska, USA

First Reported: September 19, 2024

RansomHub Ransomware Group Targets Liberty First Credit Union

Liberty First Credit Union (LFCU), a member-focused financial institution based in Lincoln, Nebraska, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 254 GB of sensitive data, including client databases, passports, and financial records. The ransom deadline has been set for September 29, 2024.

About Liberty First Credit Union

Established in 1935, Liberty First Credit Union is a member-owned, not-for-profit financial cooperative. It operates under a democratic structure where each member has an equal vote, emphasizing the principle of "people helping people." LFCU offers a wide range of financial products and services, including checking and savings accounts, auto loans, home loans, personal loans, credit cards, and retirement accounts. The credit union employs between 51 and 200 individuals and has been recognized for its service quality, including being awarded the title of Best Credit Union in Lincoln for 2024.

Attack Overview

The RansomHub ransomware group has claimed responsibility for the attack on LFCU. The group has reportedly breached the systems of Nebraska's fourth-largest credit union and exfiltrated 254 GB of sensitive data, including client databases, passports, and financial records. The attackers have set a ransom deadline of September 29, 2024, putting significant pressure on LFCU to comply with their demands.

About RansomHub

RansomHub is a Ransomware-as-a-Service (RaaS) group that emerged in February 2024. The group is known for its aggressive affiliate model and double extortion tactics, which involve encrypting victims' data and exfiltrating sensitive information for additional leverage in ransom demands. RansomHub has filled the void left by the disruption of other high-profile ransomware groups and has quickly expanded its reach, listing over 210 victims on its dark web leak sites as of August 2024.

Penetration and Vulnerabilities

RansomHub is renowned for its speed and efficiency, using a variety of infection vectors such as phishing campaigns, vulnerability exploitation, and password spraying. The group has also leveraged zero-day vulnerabilities to gain initial access. Once inside the network, RansomHub affiliates conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The group's ransomware is optimized to encrypt large datasets quickly while targeting a wide range of cross-platform systems, including Windows, Linux, and ESXi.
