MADISON, Wis.—Ransomware attacks, already a quiet concern that
has been growing among credit unions, are expected to dramatically increase
this year—with one analyst saying there is “no silver bullet” to prevent the
threat.
Ransomware is a type of malicious software designed to block
access to a computer system or PC until a sum of money is paid. In the case of
a financial institution, crooks first use the malware to encrypt the contents
of the FI’s data and then extract a ransom in exchange for decrypting the
information and allowing the victim to regain access.
It’s an issue, according to one regulator source who asked for anonymity that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speaking publicly about the crime.
It’s an issue, according to one regulator source who asked for anonymity that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speaking publicly about the crime.
“This has become a huge problem,” said Ken Otsuka, senior
consultant in CUNA Mutual Group’s risk management department, adding that CUNA
Mutual Group’s cyber liability coverage data does not break down the type of cyber-attack
that leads to a claim. “The FBI statistics are unnerving.”
According to the FBI, between April 2014 and June 2015 the
agency received 992 ransomware complaints, with victims reporting losses of
more than $18 million. Overall, reports indicate that losses from ransomware to
date range from tens of millions to hundreds of millions of dollars.
Experts are predicting the threat will spread in 2016 due to
inexpensive, do-it-yourself ransomware kits that are beginning to become
available in underground markets.
“Analysts are concerned that cyber criminals are on the verge of
widening the scope of their attacks,” reported ThirdCertainty’s Jaikumar
Vijayan. “Researchers at security vendor Emsisoft analyzed a malware tool
dubbed Ransom32 that many believe is a harbinger of things to come on the
ransomware front.”
Portabile Platform
Ransom32 is the first ransomware tool written entirely in
Javascript. That makes it easily portable to other platforms such as Linux and
Mac OS X, Vijayan reported.
While reports indicate that ransomware costs can reach as high
as $5,000 per user on an infected system, the bigger costs, sources say, come
from staff downtime and from the credit union’s damaged reputation among its
members.
According to a survey conducted by cloud IT services company
Intermedia, many firms do not have a business continuity plan that would help
them continue working while under a ransomware attack. Instead, they suffer
costly downtime, with 72% not being able to access their files for two days,
and 32% for five days or more.
Otsuka confirmed that a business continuity plan to address a
ransomware attack is necessary today. He also outlined several steps credit
unions should take to defend against ransomware, none more important that
backing up data regularly.
“The big item is making sure the credit union has an effective
data backup strategy in place so that if the credit union is hit with a
ransomware attack and files are unreadable, it can go back to the most recent
backup media tape and restore the data and not have to pay the ransom,” said
Otsuka.
Otsuka said credit unions should periodically conduct “restore
tests,” where they test to see if the data they would use to restore
compromised files is usable.
“The time to find out your backup data is not usable is not
during the middle of a ransomware attack,” he said.
Steps to Take
Noting there is no “silver bullet,” Otsuka outlined other
important steps to guard against ransomware:
·
Securely configure systems and services.
·
Protect against unauthorized access.
·
Perform security monitoring, prevention and
risk mitigation.
·
Update information security awareness and
training programs to include cyber-attacks involving extortion.
·
Implement and regularly test controls around
critical systems.
·
Review, update and test incident response and
business continuity plans periodically.
·
Ensure antivirus programs are kept up-to-date.
·
Confirm operating systems and software are
kept up-to-date with the latest patches.
·
Block access to personal email accounts.
·
Deploy spam and web filters.
·
Enable pop-up blockers.
As if often the case, in many successful cyber-attacks, staff
are often the weak link, said Otsuka. He emphasized that credit unions should
regularly test employees to make sure they understand how to prevent against
phishing attacks and other email scams that can infect the system.
“I would test employees by sending them phishing-like emails to
see how susceptible they are,” said Otsuka, explaining that cyber security
companies can provide these “test” emails.
Otsuka said another key guiding principle is to network on
risks, such as in industry information-sharing forums, and share information
regarding threat intelligence.
“Credit unions with a CUNA Mutual Group cyber liability
insurance policy may be eligible for a discounted membership fee for the
Financial Services Information Sharing and Analysis Center (FS-ISAC),” said
Otsuka.
To learn more, visit www.cunamutual.com/fs-isac
Comments
Post a Comment
Please no profanity or political comments.