Liberty First Credit Union Hit by RansomHub Ransomware Attack

Incident Date: Sep 19, 2024

Attack Overview
Victim: Liberty First Credit Union
Industry: Finance
Location: USA
Attacker: RansomHub
First Reported: September 19, 2024

RansomHub Ransomware Group Targets Liberty First Credit Union

Liberty First Credit Union (LFCU), a member-focused financial institution based in Lincoln, Nebraska, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 254 GB of sensitive data, including client databases, passports, and financial records. The ransom deadline has been set for September 29, 2024.

About Liberty First Credit Union

Established in 1935, Liberty First Credit Union is a member-owned, not-for-profit financial cooperative. It operates under a democratic structure where each member has an equal vote, emphasizing the principle of "people helping people." LFCU offers a wide range of financial products and services, including checking and savings accounts, auto loans, home loans, personal loans, credit cards, and retirement accounts. The credit union employs between 51 and 200 individuals and has been recognized for its service quality, including being awarded the title of Best Credit Union in Lincoln for 2024.

Attack Overview

The RansomHub ransomware group has claimed responsibility for the attack on LFCU. The group has reportedly breached the systems of Nebraska’s 4th largest credit union, exfiltrating 254 GB of sensitive data. This data includes client databases, passports, and financial records. The attackers have set a ransom deadline for September 29, 2024, putting significant pressure on LFCU to comply with their demands.

About RansomHub

RansomHub is a Ransomware-as-a-Service (RaaS) group that emerged in February 2024. The group is known for its aggressive affiliate model and double extortion tactics, which involve encrypting victims' data and exfiltrating sensitive information for additional leverage in ransom demands. RansomHub has filled the void left by the disruption of other high-profile ransomware groups and has quickly expanded its reach, listing over 210 victims on its dark web leak sites as of August 2024.

Penetration and Vulnerabilities

RansomHub is renowned for its speed and efficiency, using a variety of infection vectors such as phishing campaigns, vulnerability exploitation, and password spraying. The group has also leveraged zero-day vulnerabilities to gain initial access. Once inside the network, RansomHub affiliates conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The group's ransomware is optimized to encrypt large datasets quickly while targeting a wide range of cross-platform systems, including Windows, Linux, and ESXi.
