USE Federal Credit Union Targeted by Qilin Ransomware Group

Incident Date: Jan 18, 2025

Attack Overview
Victim: USE Federal Credit Union
Industry: Finance
Location: USA
Attacker: Qilin
First Reported: January 18, 2025

Ransomware Attack on USE Federal Credit Union by Qilin Group

On January 18, 2025, USE Federal Credit Union, a member-owned, non-profit financial institution based in Oklahoma City, fell victim to a ransomware attack orchestrated by the Qilin ransomware group. This incident highlights the persistent threat posed by sophisticated cybercriminals targeting the financial sector.

About USE Federal Credit Union

USE Federal Credit Union (USEFCU) is a full-service financial institution with a history dating back to 1933. Originally established as the Houston Railway Postal Clerks Credit Union, it has evolved to serve a diverse membership of over 9,000 individuals. The credit union offers a wide range of financial products, including checking and savings accounts, personal loans, and mortgages. As a non-profit entity, USEFCU prioritizes member service over profit, providing competitive interest rates and personalized financial solutions. Despite its relatively small size, with approximately 30 employees, USEFCU is known for its community-oriented approach and commitment to financial education.

Attack Overview

The Qilin ransomware group, known for its Ransomware-as-a-Service (RaaS) model, claimed responsibility for the attack on USEFCU. The group employs double extortion tactics, encrypting data and threatening to leak it unless a ransom is paid. In this case, Qilin has released six screenshots as proof of the breach and announced plans to make the stolen data available for download on January 24, 2025. The exact volume of compromised data remains undisclosed, but the potential impact on USEFCU's operations and member trust is significant.

Qilin Ransomware Group

Qilin, also known as Agenda, emerged in 2022 and has since become a formidable player in the ransomware landscape. The group distinguishes itself through its use of advanced encryption techniques and a highly customizable ransomware platform, allowing affiliates to tailor attacks to specific targets. Qilin's focus on large enterprises, including those in the financial sector, underscores its strategic targeting of organizations with valuable data. The group often penetrates systems by exploiting vulnerabilities in widely used technologies such as Citrix ADC and VMware ESXi, as well as by employing spear phishing tactics.
