Pacific City Bank (PCB) has informed clients of a ransomware incident in August that exposed client data. PCB said the threat actors obtained loan application forms, tax return documents, W-2 information of client firms, payroll records of client firms, full names, addresses, social security numbers, and tax details. PCB has stated that the amount of stolen data varies for each client and it has not yet been determined if all the bank’s clientele were impacted. Although PCB’s notification did not name the ransomware group responsible, AvosLocker has posted PCB compromised files on their leak site. The bank is offering one year of free credit monitoring and identity theft protection services through Equifax.
Organizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that can help organizations protect their systems from intrusions that lead to ransomware. Some of these recommendations include:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released.
• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.
• Avoid reusing passwords for multiple accounts.
• Focus on cybersecurity awareness and training.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.