- The “Avaddon” group has announced ‘Valley National Bank’ as a new victim on its extortion portal.
- The threat actors have posted some screenshots that allegedly show stolen files and documents.
- The incident hasn’t been confirmed by the American bank, but their website is currently offline.
The “Avaddon” ransomware group, one of the most active in the field at the moment, has recently added a high-profile victim onto its extortion portal, which is the ‘Valley National Bank.’ The actors threaten to launch DDoS attacks, which is a typical part of their extortion and attention-grabbing techniques, and indeed, the bank's website appears to be offline at the moment. The timer, which is also the deadline for contacting the actors, has about two and a half days left before the crooks threaten to release the entire set of the data they stole during the network infiltration.
The actors claim to have stolen sensitive documents that belong to the bank and even posted some screenshots that show confidential agreements, folders containing information on executives of the bank, and more. We don’t know if these screenshots are made up or real and whether the bank has really suffered a cyber-attack or not, but the “Oritani Corporation” shown in the folder is indeed a subsidiary of the Valley Bank based in New Jersey. Also, the fact that the official website of the bank is offline right now definitely looks suspicious.
We have reached out to the bank via email to confirm the incident, but we have not received a response yet. Valley National Bank is a regional bank holding company with $42 billion in assets, operating 230 branch locations in New Jersey, New York, Florida, Alabama, and Long Island.
Even if the bank has suffered a data breach, something that has not been officially confirmed yet, the data sets posted by the “Avaddon” ransomware actors don’t seem to contain anything related to clients. That said, if you’re a customer of this bank, you shouldn’t panic just yet.
Avaddon is the most prolific ransomware group regarding the number of attacks they launch against victims of all sizes and types, announcing an average of 2.3 victims daily on their extortion portal. Most of them are engaged in manufacturing and construction sectors, but financial services and government entities also rank high in the list. And finally, entities based in the United States enjoy the lion’s share, especially among Russian-speaking (and based?) groups like Avaddon.