
American Bank Systems hit by ransomware attack, full 53 GB data dump leaked

Avaddon ransomware hits American Bank Systems Inc.

American Bank Systems (ABS), a company that provides services to U.S. financial institutions and banks helping them “operate efficiently and confidently in a rapidly evolving – highly regulated – environment” has been hit by a ransomware attack this month.

Avaddon, the ransomware group behind the attack, had earlier alleged that it had acquired over 50 GB of the company’s proprietary data and had leaked a partial 4 GB dump earlier this month, part of which has been analyzed by Security Report News.

Screenshot of files present in leaked data dump (source: Avaddon)

It appears that this week the threat actors published the full 52.57 GB dump, likely after ABS refused to cooperate with Avaddon’s ransom demands.

The incident seems to have occurred sometime in or before early October, given the timestamps on the screenshots of leaked files.

The cyberattack is concerning as ABS’ clients included multiple banking names and mortgage companies, such as First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust, etc.

Although ABS’ clients (banks and mortgage providers) may not have been directly hit by this cyberattack, ABS provides the banking software and systems these banks rely on for their processes and compliance requirements.

By breaching ABS, the threat actors may therefore have gained access to its clients’ data and, by extension, to the banking customers’ data.

Data contains loan documents, emails, contracts, network shares, passwords

The leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.

Leaked credentials to network drive associated with The Bank of New Madrid

Another document, a spreadsheet shown below, appears to contain the financial records of a bank that had used ABS’ services. This is likely how the attackers got access to the bank’s files.

In the financial document, along with personal information and loan amounts, the banking customers’ Tax ID numbers (likely Social Security Numbers) are also exposed.

One leaked financial document as observed by Security Report News

Software binaries (EXEs and DLLs) of applications used by ABS for day-to-day operations have also been included in the leaked dump.

EXEs and DLLs of software applications used by ABS contained in the dump

Likewise, SFTP and network credentials for other banks were kept in plaintext in Word documents that were included in the data dump.

Sensitive network drive and SFTP paths and passwords were kept in plaintext in Word docs

Other proprietary information leaked includes what appears to be employee and customer data.

Not clear how many customers impacted

Ransomware attacks can hit any business, even one with state-of-the-art security controls in place, as the human element remains the weakest link.

However, this incident is particularly chilling.

By breaching just one company, American Bank Systems (ABS), which touts itself as providing compliance and risk management services to multiple banks, the threat actors gained access not only to ABS’ client systems (i.e. banks and financial institutions) but also to data on individuals who are customers of these banks.

It is not clear how many individual banking customers and financial organizations are impacted as a result of this breach.

Security Report had been monitoring the ransomware operators’ claims for weeks but waited to publish our findings until after they were made public on Twitter.

It is also not known what steps ABS has taken to protect its systems, and those of the partner banks, moving forward after this incident.

And more importantly, who is addressing the individual banking customers whose personal information has been compromised as a part of this cyberattack?

Security Report reached out to multiple ABS contacts via email for comment but we have not heard back yet.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
