New Peoples Bank Suffers Ransomware Attack

Incident Overview

New Peoples Bank, serving regions across Virginia, West Virginia, Tennessee, and North Carolina, has confirmed it was the target of a ransomware attack. The bank disclosed that on June 15, 2022, it became aware that an unauthorized entity had infiltrated their systems on June 9, 2022. This cyber intrusion led to significant disruptions, temporarily halting the bank's operations.

Attack Details

The ransomware group known as Black Basta has taken responsibility for this security breach, as announced on their dark web leak site. Black Basta is notorious for its double extortion tactics, often leveraging older malware to penetrate and establish control over their targets' IT environments.

The breach compromised a variety of personal data, including Social Security numbers, driver's license numbers, financial account details, and electronic signatures. Despite these challenges, New Peoples Bank has assured that all transactions from June 15, 2022, have been successfully processed without further issue.

Response and Remediation

In the wake of the attack, New Peoples Bank has initiated several measures to support its affected customers. Among these, the bank is offering a complimentary one-year subscription to Experian’s IdentityWorksSM. This service is designed to monitor for potential misuse of personal information and to provide comprehensive identity protection support.

While the bank has been transparent about the incident, it has not disclosed the specific vulnerabilities that were exploited in the attack. The size of the bank and the exact number of affected individuals remain unspecified.

Conclusion

This incident underscores the persistent and evolving threats in the cybersecurity landscape. It highlights the critical need for organizations to adopt and maintain stringent security protocols to safeguard sensitive data against such attacks.

Sources

• New Peoples Bank. "Welcome to the Bank that serves our customers and our community guided by The Golden Rule." Retrieved April 10, 2024, from https://www.newpeoples.bank/
• WVVA. "New Peoples Bank acknowledges 'cybersecurity incident'." June 29, 2022. Retrieved April 10, 2024, from https://www.wvva.com/2022/06/29/new-peoples-bank-acknowledges-cybersecurity-incident/
• WCYB. "New Peoples Bank says info of customers may have been acquired by unauthorized person." June 29, 2022. Retrieved April 10, 2024, from https://wcyb.com/news/local/new-peoples-bank-says-info-of-customers-may-have-been-acquired-by-unauthorized-person
• SentinelOne. "The Good, the Bad and the Ugly in Cybersecurity - Week 27." July 1, 2022. Retrieved April 10, 2024, from https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-27-3/