DUBLIN, California — Four days after a ransomware attack crippled its systems, Patelco Credit Union remained unable to tell its members when banking operations would return to normal.

The Dublin-based credit union has not released additional details about the security breach that has left members barred from electronic payments, deposits and transfers since last weekend.

Customers continued on Tuesday to wait in lines to use bank ATMs and remained forced to visit Patelco branches throughout the state to withdraw cash, though they are still unable to access their statement balances or any information regarding their online banking.

Enrique Juarez, one of the credit union’s estimated 500,000 members, visited the Story Road branch in San Jose to ask about his social security check, which bounced and is his only source of income since retiring in January. A banker told him to check with the federal agency, he said Tuesday.

“I’ve never had a problem before,” said Juarez, a San Jose resident and retired warehouse worker. “Everything’s frozen, I can’t even check my balance until this is resolved – and they don’t know” when that will happen.

Ahmed Banafa, a San Jose State University lecturer and expert in cybersecurity, said Tuesday that it looks likely that hackers infiltrated the bank’s internal databases via a “phishing email” and encrypted its contents, locking out the bank from its own systems.

“The hackers, what they do usually, they ask for cryptocurrency, they ask for payment. That’s why it’s called ransomware,” Banafa said.

Patelco is estimated to manage more than $9 billion in assets across 37 branches statewide. It is unclear how many of the bank’s half a million accounts have been compromised and to what extent the bank’s assets have been affected.

Banafa called Patelco a “soft target” for hackers, or a target with low security such as schools and hospitals, compared to other higher-profile companies with more sophisticated cybersecurity protections such as federal government databases. It is possible the hackers are targeting either personal information of bank customers or money directly from the credit union, he said.

“This kind of information, hackers can take this information and sell it on the dark web and they can use it,” Banafa said, referring to illegal online servers selling contraband and other illegal services.

...continued

©#YR@ MediaNews Group, Inc. Visit at mercurynews.com. Distributed by Tribune Content Agency, LLC.