
American Bank Systems hit by ransomware attack, full 53 GB data dump leaked

Avaddon ransomware hits American Bank Systems Inc.

American Bank Systems (ABS), a company that provides services to U.S. financial institutions and banks, helping them “operate efficiently and confidently in a rapidly evolving – highly regulated – environment”, has been hit by a ransomware attack this month.

Avaddon, the ransomware group behind the attack, had earlier alleged that it had acquired over 50 GB of the company’s proprietary data, but had leaked only a partial 4 GB dump earlier this month, part of which has been analyzed by Security Report News.

Screenshot of files present in leaked data dump (source: Avaddon)

This week, the threat actors appear to have published the full 52.57 GB dump, likely after ABS refused to cooperate with Avaddon’s ransom demands.

The incident seems to have occurred sometime in or before early October, given the timestamps on the screenshots of leaked files.

The cyberattack is concerning as ABS’ clients included multiple banking names and mortgage companies, such as First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust, etc.

Although ABS’ clients (banks and mortgage providers) may not have been directly hit by this cyberattack, ABS does provide these banks with banking software and systems to facilitate bank processes and compliance requirements.

By breaching ABS, threat actors may therefore have gained access to its clients’ data and, further, to the banking customers’ data.

Data contains loan documents, emails, contracts, network shares, passwords

The leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.

Leaked credentials to network drive associated with The Bank of New Madrid

Another document, a spreadsheet shown below, appears to be financial records of a bank that had used ABS’ services. This is likely how the attackers got access to the bank’s files.

In the financial document, along with personal information and loan amounts, the banking customers’ Tax ID numbers (likely Social Security Numbers) are also exposed.

One leaked financial document as observed by Security Report News

Software binaries (EXEs and DLLs) of applications used by ABS for day-to-day operations have also been included in the leaked dump.

EXEs and DLLs of software applications used by ABS contained in the dump

Likewise, SFTP and network credentials for other banks were kept in plaintext, in Word documents that were leaked in the data dump.

Sensitive network drive and SFTP paths and passwords were kept in plaintext in Word docs

Other proprietary information leaked includes what appears to be employee and customer data.

Not clear how many customers impacted

Ransomware attacks can hit any business despite having state-of-the-art security controls in place, as the human element remains the weakest link.

However, this incident is particularly chilling.

By breaching just one company, American Bank Systems (ABS), which touts itself as providing compliance and risk management services to multiple banks, the threat actors not only gained access to ABS’ client systems (i.e. banks and financial institutions) but also got their hands on data of individuals who are customers of these banks.

It is not clear how many individual banking customers and financial organizations are impacted as a result of this breach.

Security Report had been monitoring the ransomware operators’ claims for weeks but waited to publish our findings until after they were made public on Twitter.

It is also not known what steps ABS has taken to protect its systems, and those of the partner banks, moving forward after this incident.

And more importantly, who is addressing the individual banking customers whose personal information has been compromised as a part of this cyberattack?

Security Report reached out to multiple ABS contacts via email for comment but we have not heard back yet.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
