Skip to main content

Ransomware: 'It's A Growing Issue'

MADISON, Wis.—Ransomware attacks, already a quiet concern that has been growing among credit unions, are expected to dramatically increase this year—with one analyst saying there is “no silver bullet” to prevent the threat.
Ransomware is a type of malicious software designed to block access to a computer system or PC until a sum of money is paid. In the case of a financial institution, crooks first use the malware to encrypt the contents of the FI’s data and then extract a ransom in exchange for decrypting the information and allowing the victim to regain access.

It’s an issue, according to one regulator source who asked for anonymity that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speaking publicly about the crime.
“This has become a huge problem,” said Ken Otsuka, senior consultant in CUNA Mutual Group’s risk management department, adding that CUNA Mutual Group’s cyber liability coverage data does not break down the type of cyber-attack that leads to a claim. “The FBI statistics are unnerving.”
According to the FBI, between April 2014 and June 2015 the agency received 992 ransomware complaints, with victims reporting losses of more than $18 million. Overall, reports indicate that losses from ransomware to date range from tens of millions to hundreds of millions of dollars.
Experts are predicting the threat will spread in 2016 due to inexpensive, do-it-yourself ransomware kits that are beginning to become available in underground markets.
“Analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks,” reported ThirdCertainty’s Jaikumar Vijayan. “Researchers at security vendor Emsisoft analyzed a malware tool dubbed Ransom32 that many believe is a harbinger of things to come on the ransomware front.”
Portabile Platform
Ransom32 is the first ransomware tool written entirely in Javascript. That makes it easily portable to other platforms such as Linux and Mac OS X, Vijayan reported.
While reports indicate that ransomware costs can reach as high as $5,000 per user on an infected system, the bigger costs, sources say, come from staff downtime and from the credit union’s damaged reputation among its members.
According to a survey conducted by cloud IT services company Intermedia, many firms do not have a business continuity plan that would help them continue working while under a ransomware attack. Instead, they suffer costly downtime, with 72% not being able to access their files for two days, and 32% for five days or more.
Otsuka confirmed that a business continuity plan to address a ransomware attack is necessary today. He also outlined several steps credit unions should take to defend against ransomware, none more important that backing up data regularly.
“The big item is making sure the credit union has an effective data backup strategy in place so that if the credit union is hit with a ransomware attack and files are unreadable, it can go back to the most recent backup media tape and restore the data and not have to pay the ransom,” said Otsuka.
Otsuka said credit unions should periodically conduct “restore tests,” where they test to see if the data they would use to restore compromised files is usable.
“The time to find out your backup data is not usable is not during the middle of a ransomware attack,” he said.
Steps to Take
Noting there is no “silver bullet,” Otsuka outlined other important steps to guard against ransomware:
·         Securely configure systems and services.
·         Protect against unauthorized access.
·         Perform security monitoring, prevention and risk mitigation.
·         Update information security awareness and training programs to include cyber-attacks involving extortion.
·         Implement and regularly test controls around critical systems.
·         Review, update and test incident response and business continuity plans periodically.
·         Ensure antivirus programs are kept up-to-date.
·         Confirm operating systems and software are kept up-to-date with the latest patches.
·         Block access to personal email accounts.
·         Deploy spam and web filters.
·         Enable pop-up blockers.
As if often the case, in many successful cyber-attacks, staff are often the weak link, said Otsuka. He emphasized that credit unions should regularly test employees to make sure they understand how to prevent against phishing attacks and other email scams that can infect the system.
“I would test employees by sending them phishing-like emails to see how susceptible they are,” said Otsuka, explaining that cyber security companies can provide these “test” emails.
Otsuka said another key guiding principle is to network on risks, such as in industry information-sharing forums, and share information regarding threat intelligence.
“Credit unions with a CUNA Mutual Group cyber liability insurance policy may be eligible for a discounted membership fee for the Financial Services Information Sharing and Analysis Center (FS-ISAC),” said Otsuka.

To learn more, visit www.cunamutual.com/fs-isac

Comments

Popular posts from this blog

Without President’s Signature, ROAD to Housing Act Becomes Law; Includes CU Board Modernization Act

WASHINGTON — The bipartisan 21st Century ROAD to Housing Act became law Friday without President Donald Trump’s signature after the president allowed the measure to take effect while Congress remained in session, choosing not to sign it in protest over the Senate’s failure to advance separate voter identification legislation.  The legislation includes the Credit Union Board Modernization Act, which reduces the frequency with which credit unions must meet and which had strong support from the credit union trade groups.  Trump announced on social media that he would not sign the housing package because the Senate had not passed the SAVE America Act, a measure he has championed requiring proof of citizenship for voter registration. Under the Constitution, a bill becomes law if the president neither signs nor vetoes it within 10 days, excluding Sundays, while Congress is in session.  Scott Simpson ‘Steadfast in Commitment’ “America’s Credit Unions, our league partners, and cr...

Invest in Education - Invest in Tomorrow

 

Inflation Cools in June Report, But One CU Economist Says There’s One Reason–And it Could Change

WASHINGTON — U.S. consumer inflation cooled more than expected in June, offering relief after several months of elevated price pressures, though economists cautioned the improvement could prove temporary as renewed geopolitical tensions threaten to push energy prices higher. The Consumer Price Index fell 0.4% in June on a seasonally adjusted basis, the largest monthly decline since April 2020, after rising 0.5% in May, according to data released Tuesday by the Bureau of Labor Statistics . Compared with a year earlier, consumer prices rose 3.5%, down from 4.2% in May.  Foot off the Gas Dawit Kebede “Falling gas prices led June’s decline and pulled headline inflation lower year-over-year. Renewed hostilities could complicate the energy picture ahead, and a reversal in gasoline costs would be the most likely channel for that pressure to show up,” said America’s Credit Unions Senior Economist Dawit Kebede. “But softening core prices point to broader-based moderation, suggesting the ea...

What You Might Not Know About July 4th.

White Paper from WOCCU Examines How Stablecoins are Reshaping Financial Infrastructure

WASHINGTON– World Council of Credit Unions (WOCCU) has released a new white paper that examines how stablecoins are reshaping the financial infrastructure that credit unions and other cooperative financial institutions rely on to serve their members.  According to WOCCU, the white paper, How Digital Money Is Impacting Credit Unions, Part 1: Focus on Stablecoins , is the first in a planned three-part series exploring how emerging forms of digital money are affecting the global credit union movement.  “The report begins by noting that stablecoins are no longer a niche fintech development, but part of a broader structural shift in how money is stored, moved and regulated,” WOCCU explained. “As commercial banks, payment networks, technology firms and retailers build stablecoin offerings or integrate stablecoin rails into their platforms, credit unions must consider how these changes could affect deposits, payments, member relationships and long-term institutional relevance.” For ...

NCUA Tells FICUs Crypto Trading is OK — If Big Exchanges Provide the Service

When it comes to reading between the lines of financial regulators’ advisory letters, tone matters. Take last week’s letter from the National Credit Union Administration (NCUA) which gave the federally insured credit unions (FICUs) it oversees permission to partner with digital asset providers to allow retail customers to buy, sell and trade in cryptocurrencies. Now compare it to the one issued by Comptroller of the Currency Michael Hsu’s agency to the national banks and federal savings associations it regulates a month earlier. On the surface, both said much the same thing: Financial institutions can provide cryptocurrency services (albeit with some notable differences: the OCC’s letter dealt with more back-end services, including custody services as well as holding and using dollar-pegged stablecoins for transaction settlement). Neither was enthusiastic. The NCUA’s letter said it “does not prohibit FICUs from establishing these relationships” — which is not as enthusiastic as “are a...

New GDP Data is ‘Positive,’ Clouds Clearing, Says NAFCU Economist

WASHINGTON–Although discussion and forecasts continue to focus on a recession in the U.S. economy, economic growth remained solid at the end of 2022, according to new federal data. Curt Long The Commerce Department said U.S. gross domestic product, adjusted for inflation, increased at an annual rate of 2.9% in the fourth quarter of 2022, down slightly from a 3.2% growth rate in the Q3. Consumer spending grew at a 2.1% rate, according to the Commerce Department data, which will be revised at a later date. “The big picture view of economic growth in the fourth quarter is a positive one,” said NAFCU Chief Economist and VP-Research Curt Long. “Much of that grow...

The FedNow Service will launch in 2023 "Are you ready?"

The FedNow Service is a new instant payment service that the Federal Reserve Banks are developing to enable financial institutions of every size, and in every community across the U.S., to provide safe and efficient instant payment services in real-time, around the clock, every day of the year. Through financial institutions participating in the FedNow Service, businesses and individuals will be able to send and receive instant payments conveniently, and recipients will have full access to funds immediately, giving them greater flexibility to manage their money and make time-sensitive payments. Consistent with the Federal Reserve’s historical role of providing payment services alongside private-sector providers, the FedNow Service will provide choice in the market for clearing and settling instant payments as well as promote resiliency through redundancy. Financial institutions and their service providers will be able to use the service as a springboard to provide innovative instant p...

The Federal Reserve has opted to make no changes in interest rates

WASHINGTON–The Federal Reserve has opted to make no changes in interest rates following the conclusion of its meeting here, but it has indicated it could move as soon as next month to cut rates if the United States and China isn’t able to find ways to resolve their trade dispute. As a result,  For now, the Fed left its short-term rate at a range of 2.25% to 2.5%. Eight of the 17 votings, Fed policymakers did predict there could be as a half percentage point decline in rates in 2019. In a statement following its meeting, the Fed did dial down a bit its forecast for the economy.   “In light of these uncertainties and muted inflation pressures, the FOMC will closely monitor the implications of incoming information for the economic outlook and will act as appropriate to sustain the expansion, with a strong labor market” and inflation near the Fed’s 2% goal,” the Fed said.  Fed Chairman Jerome Powell in recent interviews has expressed concerns over what he ...

Auto Lease Volume Should Steadily Increase This Year

By Ray Birch CINCINNATI—Credit unions should expect a U-turn in leasing penetration in 2024, as volume steadily increases, according to one analyst, who is crediting muted economic “turmoil” and consumers’ changing their perspective on car ownership for the shift. “First, I am predicting a relatively turmoil-free year,” Scot Hall, EVP at Swapalease.com , told CUToday.info. “Said differently, no pandemics, no supply chain issues, no strikes, and better general economic factors—lower inflation and improving interest rates. Moreover, dealerships seem to be able to get inventory in most cases.” Hall said leasing, much like the overalll economy itself, just had hurdle after hurdle to overcome during the last several years. “One of those, o...