River Financial Corporation said ransomware disrupted some operations at River Bank & Trust in Alabama after an unauthorized actor accessed the company’s network in mid-June.
River Financial said in a June 25 Form 8-K that the unauthorized actor gained access to its network environment, including River Bank & Trust, on or about June 16. The company said it identified the activity on or about June 19 and determined ransomware had been deployed across portions of its server environment.
The company said it disabled affected administrative accounts and took impacted systems offline. It said “certain operations” were affected but did not specify whether branches, ATMs, online banking, mobile banking, wires, cards, phone systems or loan services were disrupted.
River Bank & Trust, based in Prattville, has more than $3.8 billion in assets and 25 offices across Alabama, according to the company.
River said it is working with a third-party forensic firm and outside cybersecurity professionals to investigate the incident and restore operations. The company said the full nature, scope and impact had not been determined as of the filing date.
River said it is investigating whether personally identifiable information was accessed or exfiltrated. The company has not said whether customer funds were affected or whether law enforcement was notified.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The filing did not identify a threat actor or say whether a ransom was demanded or paid. No public ransomware claim was identified at the time of publication.
River’s disclosure follows other bank and credit union cyber incidents that disrupted customer-facing services. Monticello Banking Company in Kentucky said a June 2025 cyberattack led it to restrict access to ATMs, cash management, online banking and mobile banking. Patelco Credit Union in California said a June 2024 ransomware attack forced it to shut down day-to-day banking systems, including online banking, its mobile app and call center.
River said it is continuing restoration work and will update the filing when more information is available. It has not identified the affected systems, the services still limited or whether any data was taken. River did not respond before publication to questions about affected services, restoration status, data exposure and whether customer funds were affected.
