Pacific City Bank (PCB) is issuing warnings to inform its customers about a security issue discovered on August 30, 2021, which they assert was quickly resolved. 

Pacific City Bank (PCB), one of America's leading Korean-American community financial service providers, has revealed a ransomware attack that occurred last month. 

“PCB responded promptly to disable the activity, investigate its source, and monitor PCB’s network. PCB subsequently became aware of claims that it had been the target of a ransomware attack. On September 7, 2021, PCB determined that an external actor had illegally accessed and/or acquired certain data on its network,” the bank said in a statement. 

On September 7, 2021, PCB's internal investigation into what happened was completed, and it discovered that malicious attackers had stolen the user's Loan application forms, Tax return documents, W-2 information of client firms, Payroll records of client firms, Full names, Addresses, Social Security Numbers, Wage and tax details from their systems. 

According to PCB, not all customers were influenced by such factors because each customer submitted different papers and information that was kept in the compromised systems. Furthermore, it is unknown whether this occurrence impacts the bank's complete clientele or simply a small percentage. 

The receivers of these notices were encouraged to be wary of unsolicited mail and to keep an eye on their bank statements and credit reports for indications of fraud. In addition, the bank has provided Equifax with a one-year free credit monitoring and identity theft protection program, with information on how to sign up included in the letters. 

While the bank didn't mention the ransomware gang responsible for the September attack, AvosLocker has claimed the attack and posted an entry on their information leak website. The event is scheduled for September 4, 2021, therefore the five-day gap could simply be the "grace" period of the opening negotiation round when ransomware operators avoid making public statements. 

There have been no discrepancies in the data that were subsequently placed on the blackmail portal because they show what PCB has now conceded was breached. AvosLocker is among the most recent ransomware operators, having emerged in the wild this summer and soliciting affiliates to join the RaaS on numerous underground sites. 

The group employs a multi-threaded malware strain that allows attackers to encrypt files quickly whereas the attacker deploys the payloads individually. Although the AvosLocker uses text and API obfuscation to avoid static identification, it is otherwise "naked," meaning it lacks a cryptographic layer.