lockbit2 attacks FFNM

Incident Date:

February 27, 2022

World map



lockbit2 attacks FFNM






Albuquerque, USA

New Mexico, USA

First Reported

February 27, 2022

First Financial Credit Union Targeted by Lockbit2 Ransomware Group

Company Overview

First Financial Credit Union is a financial institution that offers various services, including auto loans, used auto loans, credit cards, home mortgages, and mobile banking. They also provide special discounts on tax prep services and scholarships for students.

Company Size and Industry Standout

The size of First Financial Credit Union is not explicitly mentioned in the search results. However, the company operates in the Organizations sector, which includes various types of businesses and organizations. In the financial services industry, credit unions like FFCU are known for their member-owned structure, which distinguishes them from traditional banks.

Vulnerabilities and Targeting

The Lockbit2 ransomware group has claimed responsibility for the attack on FFCU. The group is known for exploiting vulnerabilities in Citrix networking products, such as CVE-2023-4966, which is also referred to as CitrixBleed. This vulnerability has been linked to recent ransomware attacks against Boeing and Fidelity National Financial.

The NCUA has reported that about 60 credit unions have been affected by a ransomware attack against Trellance, a third-party IT vendor for the industry. This suggests that FFCU may have been targeted due to its association with Trellance or because of vulnerabilities in its IT infrastructure.

Response and Mitigation

The NCUA has informed the Treasury Department, FBI, and CISA about the ransomware attack on Trellance and its impact on credit unions. FFCU has hired a third-party forensic vendor to assist in an ongoing investigation into the claims made by the ransomware group.

The Office of the Superintendent of Insurance in New Mexico, which is not related to FFCU, has also faced a ransomware attack, with attackers demanding around two million dollars in ransom. This highlights the growing trend of ransomware attacks on government agencies and financial institutions.


  • First Financial Credit Union
  • Credit unions confront outages linked to third-party IT vendor ransomware attack
  • New Mexico insurance agency faces cyber attack
  • New Mexico credit union investigating claims made by known ransomware group

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.