Skip to main content

Ransomware: 'It's A Growing Issue'

MADISON, Wis.—Ransomware attacks, already a quiet concern that has been growing among credit unions, are expected to dramatically increase this year—with one analyst saying there is “no silver bullet” to prevent the threat.
Ransomware is a type of malicious software designed to block access to a computer system or PC until a sum of money is paid. In the case of a financial institution, crooks first use the malware to encrypt the contents of the FI’s data and then extract a ransom in exchange for decrypting the information and allowing the victim to regain access.

It’s an issue, according to one regulator source who asked for anonymity that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speaking publicly about the crime.
“This has become a huge problem,” said Ken Otsuka, senior consultant in CUNA Mutual Group’s risk management department, adding that CUNA Mutual Group’s cyber liability coverage data does not break down the type of cyber-attack that leads to a claim. “The FBI statistics are unnerving.”
According to the FBI, between April 2014 and June 2015 the agency received 992 ransomware complaints, with victims reporting losses of more than $18 million. Overall, reports indicate that losses from ransomware to date range from tens of millions to hundreds of millions of dollars.
Experts are predicting the threat will spread in 2016 due to inexpensive, do-it-yourself ransomware kits that are beginning to become available in underground markets.
“Analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks,” reported ThirdCertainty’s Jaikumar Vijayan. “Researchers at security vendor Emsisoft analyzed a malware tool dubbed Ransom32 that many believe is a harbinger of things to come on the ransomware front.”
Portabile Platform
Ransom32 is the first ransomware tool written entirely in Javascript. That makes it easily portable to other platforms such as Linux and Mac OS X, Vijayan reported.
While reports indicate that ransomware costs can reach as high as $5,000 per user on an infected system, the bigger costs, sources say, come from staff downtime and from the credit union’s damaged reputation among its members.
According to a survey conducted by cloud IT services company Intermedia, many firms do not have a business continuity plan that would help them continue working while under a ransomware attack. Instead, they suffer costly downtime, with 72% not being able to access their files for two days, and 32% for five days or more.
Otsuka confirmed that a business continuity plan to address a ransomware attack is necessary today. He also outlined several steps credit unions should take to defend against ransomware, none more important that backing up data regularly.
“The big item is making sure the credit union has an effective data backup strategy in place so that if the credit union is hit with a ransomware attack and files are unreadable, it can go back to the most recent backup media tape and restore the data and not have to pay the ransom,” said Otsuka.
Otsuka said credit unions should periodically conduct “restore tests,” where they test to see if the data they would use to restore compromised files is usable.
“The time to find out your backup data is not usable is not during the middle of a ransomware attack,” he said.
Steps to Take
Noting there is no “silver bullet,” Otsuka outlined other important steps to guard against ransomware:
·         Securely configure systems and services.
·         Protect against unauthorized access.
·         Perform security monitoring, prevention and risk mitigation.
·         Update information security awareness and training programs to include cyber-attacks involving extortion.
·         Implement and regularly test controls around critical systems.
·         Review, update and test incident response and business continuity plans periodically.
·         Ensure antivirus programs are kept up-to-date.
·         Confirm operating systems and software are kept up-to-date with the latest patches.
·         Block access to personal email accounts.
·         Deploy spam and web filters.
·         Enable pop-up blockers.
As if often the case, in many successful cyber-attacks, staff are often the weak link, said Otsuka. He emphasized that credit unions should regularly test employees to make sure they understand how to prevent against phishing attacks and other email scams that can infect the system.
“I would test employees by sending them phishing-like emails to see how susceptible they are,” said Otsuka, explaining that cyber security companies can provide these “test” emails.
Otsuka said another key guiding principle is to network on risks, such as in industry information-sharing forums, and share information regarding threat intelligence.
“Credit unions with a CUNA Mutual Group cyber liability insurance policy may be eligible for a discounted membership fee for the Financial Services Information Sharing and Analysis Center (FS-ISAC),” said Otsuka.

To learn more, visit www.cunamutual.com/fs-isac

Comments

Popular posts from this blog

NCOFCU YouTube Video Minies

  https://www.youtube.com/playlist?list=PLT3lzRTXnHw4YHnT2TzILxP7Rfkjn0eT1  __ ______________________________________________ Check out NCOFCU's additional features: First Responder Credit Union Academy Podcasts YouTube Mini's Blog Job Board

Sunday Reading - 401(k) plans, explained

  Worker Nest Eggs       401(k) plans, explained Originally intended for corporate executives, the 401(k) is now, arguably,   the most famous section of the US tax code   and a staple in worker benefits packages and personal finance guides ( watch 101 ). Roughly 70 million Americans, with a total of more than $7T invested , use these long-term, tax-advantaged accounts to build toward a more secure retirement. Some critics claim that with 401(k) plans, companies offloaded the risk of retirement savings to workers without the training to avoid volatile portfolio mixes. Amid the 2008 financial crisis, many 401(k) plans lost over a quarter of their value , an event that hit those near retirement particularly hard. ... Read our full explainer on the plan...

Why credit unions need to be formulating a strategy for crypto & digital...

“The future of money isn’t coming – it’s here, growing at $4 trillion and accelerating,”  DaLand CIO, Jon Ungerland said in a statement. “Their solution ensures the institutions that matter most to American communities don’t miss the transition.” https://www.dalandcuso.com/videos-podcasts __ ______________________________________________ Check out NCOFCU's additional features: First Responder Credit Union Academy Podcasts YouTube Mini's Blog Job Board

Fed Gets Green Light for Interest Rate Cuts as Unemployment Rate Jumps to 4-Year High

The Federal Reserve is now seen as likely to   cut interest rates   multiple times before the end of the year, following another weak jobs report that showed unemployment jumping to a four-year high. The U.S. economy added just 22,000 jobs in August, less than economists had expected, the  Bureau of Labor Statistics  reported Friday. The unemployment rate rose to 4.3%, up slightly from 4.2% in July but hitting the highest level seen since October 2021, when the economy was still recovering from pandemic-driven layoffs. Although the new jobs report was troubling news for the economy, for prospective homebuyers with secure jobs it likely means further easing in  mortgage rates  in the days to come. Mortgage rates hinge primarily on the yields of  10-year Treasury notes , which plunged Friday to their lowest level since early April, when President  Donald Trump 's Liberation Day tariff announcement sparked panic in financial markets. It signals furth...

The Federal Reserve and How it Works

  The Federal Reserve       Background No institution wields more power in US finance than the Federal Reserve—but opinion polls indicate most Americans  don’t know  what it does. Known casually as “the Fed,” the century-old independent central bank sets interest rates, determining how much ordinary people pay for mortgages, car loans, and more, all to achieve its dual mandate of price stability and maximum employment ( read 101 ). Consisting of a central board of governors working in tandem with 12 regional banks, the Fed also manages the US money supply and acts as the lender of last resort. The Origins of the Fed Throughout the 19th century, the US faced  periodic economic downturns , which resulted in financial panics. Customers raced ...