Cyber Incident Victim: Pacific City Bank
Date: Sep 2021
Location: United States of America
Summary
Pacific City Bank, a California-based institution serving the Korean-American community, suffered a ransomware attack by the AVOS Locker group, which exfiltrated sensitive documents and publicly criticized the organization's security measures as inadequate. The attackers published proof of compromised data on their leak site, including screenshots and a ZIP archive containing stolen files, while threatening to release all exfiltrated information unless negotiations occurred. This incident highlighted operational disruptions and potential exposure of confidential customer or business data due to the breach.
Description
Pacific City Bank, a California-based community bank serving the Korean-American population with commercial banking services, experienced a ransomware attack claimed by the AVOS Locker group on September 4, 2021. The attackers publicly listed the financial institution on their data leak site, accompanied by screenshots purporting to validate unauthorized access to internal systems. Cybercriminals characterized the bank's cybersecurity measures as "terrible" in a message juxtaposed against promotional language about the institution's consumer services. The group threatened to release all stolen data unless negotiations occurred, publishing a ZIP archive labeled "proof" containing samples of allegedly exfiltrated documents. This archive served as tactical leverage to pressure the bank while demonstrating operational success to other potential victims. The public disclosure occurred on a Saturday, potentially timing the announcement to maximize attention during weekend news cycles with reduced corporate response capacity. No technical details regarding initial intrusion vectors, encryption methods, or internal detection timelines appeared in the threat actors' public statements.

The incident exposed operational vulnerabilities through the attackers' explicit criticism of security protocols, though specific system weaknesses remained unspecified. Published evidence suggested compromise of document repositories containing business-sensitive information, with the archive contents implying data exfiltration preceded ransomware deployment. Financial disruption details, customer impact specifics, and ransom demands were not disclosed in available communications. The bank's public response strategy and negotiation status remained undocumented in the source material, while the attackers maintained coercive pressure through implicit data leakage timelines. Consequences included reputational damage from publicized security criticisms and potential regulatory scrutiny stemming from unauthorized access to banking documents. Operational continuity challenges were not described, though ransomware incidents typically involve system lockdowns and recovery procedures. The attackers' focus on data exfiltration rather than service disruption aligned with double-extortion tactics prevalent during 2021 ransomware operations targeting financial institutions.
