Skip to main content

Ransomware: 'It's A Growing Issue'

MADISON, Wis.—Ransomware attacks, already a quiet concern that has been growing among credit unions, are expected to dramatically increase this year—with one analyst saying there is “no silver bullet” to prevent the threat.
Ransomware is a type of malicious software designed to block access to a computer system or PC until a sum of money is paid. In the case of a financial institution, crooks first use the malware to encrypt the contents of the FI’s data and then extract a ransom in exchange for decrypting the information and allowing the victim to regain access.

It’s an issue, according to one regulator source who asked for anonymity that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speaking publicly about the crime.
“This has become a huge problem,” said Ken Otsuka, senior consultant in CUNA Mutual Group’s risk management department, adding that CUNA Mutual Group’s cyber liability coverage data does not break down the type of cyber-attack that leads to a claim. “The FBI statistics are unnerving.”
According to the FBI, between April 2014 and June 2015 the agency received 992 ransomware complaints, with victims reporting losses of more than $18 million. Overall, reports indicate that losses from ransomware to date range from tens of millions to hundreds of millions of dollars.
Experts are predicting the threat will spread in 2016 due to inexpensive, do-it-yourself ransomware kits that are beginning to become available in underground markets.
“Analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks,” reported ThirdCertainty’s Jaikumar Vijayan. “Researchers at security vendor Emsisoft analyzed a malware tool dubbed Ransom32 that many believe is a harbinger of things to come on the ransomware front.”
Portabile Platform
Ransom32 is the first ransomware tool written entirely in Javascript. That makes it easily portable to other platforms such as Linux and Mac OS X, Vijayan reported.
While reports indicate that ransomware costs can reach as high as $5,000 per user on an infected system, the bigger costs, sources say, come from staff downtime and from the credit union’s damaged reputation among its members.
According to a survey conducted by cloud IT services company Intermedia, many firms do not have a business continuity plan that would help them continue working while under a ransomware attack. Instead, they suffer costly downtime, with 72% not being able to access their files for two days, and 32% for five days or more.
Otsuka confirmed that a business continuity plan to address a ransomware attack is necessary today. He also outlined several steps credit unions should take to defend against ransomware, none more important that backing up data regularly.
“The big item is making sure the credit union has an effective data backup strategy in place so that if the credit union is hit with a ransomware attack and files are unreadable, it can go back to the most recent backup media tape and restore the data and not have to pay the ransom,” said Otsuka.
Otsuka said credit unions should periodically conduct “restore tests,” where they test to see if the data they would use to restore compromised files is usable.
“The time to find out your backup data is not usable is not during the middle of a ransomware attack,” he said.
Steps to Take
Noting there is no “silver bullet,” Otsuka outlined other important steps to guard against ransomware:
·         Securely configure systems and services.
·         Protect against unauthorized access.
·         Perform security monitoring, prevention and risk mitigation.
·         Update information security awareness and training programs to include cyber-attacks involving extortion.
·         Implement and regularly test controls around critical systems.
·         Review, update and test incident response and business continuity plans periodically.
·         Ensure antivirus programs are kept up-to-date.
·         Confirm operating systems and software are kept up-to-date with the latest patches.
·         Block access to personal email accounts.
·         Deploy spam and web filters.
·         Enable pop-up blockers.
As if often the case, in many successful cyber-attacks, staff are often the weak link, said Otsuka. He emphasized that credit unions should regularly test employees to make sure they understand how to prevent against phishing attacks and other email scams that can infect the system.
“I would test employees by sending them phishing-like emails to see how susceptible they are,” said Otsuka, explaining that cyber security companies can provide these “test” emails.
Otsuka said another key guiding principle is to network on risks, such as in industry information-sharing forums, and share information regarding threat intelligence.
“Credit unions with a CUNA Mutual Group cyber liability insurance policy may be eligible for a discounted membership fee for the Financial Services Information Sharing and Analysis Center (FS-ISAC),” said Otsuka.

To learn more, visit www.cunamutual.com/fs-isac

Comments

Popular posts from this blog

Digital Payments Lead the Way Globally: Key Insights from Worldpay Study

According to a recent Worldpay study, digital payments are rapidly becoming the preferred choice worldwide. The research highlights significant shifts in consumer behavior and payment preferences, driven by technological advancements and the growing acceptance of cashless transactions. Key findings from the study reveal that digital payments now account for a substantial portion of global transactions. Mobile wallets, contactless payments, and online banking are gaining traction, reflecting consumers' desire for convenience and speed. This trend is especially prominent in regions like Asia Pacific, where mobile payment adoption is leading the charge. The study also emphasizes the importance of security in fostering consumer trust in digital payments. As fraud concerns continue to rise, businesses must prioritize robust security measures to protect customer information and enhance the payment experience. Moreover, the transition to digital payments is not just about c...

Embracing ARMs And Battling Members’ Misconceptions

With adjustable-rate mortgages back in fashion, credit unions are educating members about the ins and outs of these products, dispelling misunderstandings along the way. With housing stock low, home prices high, and interest rates showing no signs of coming down, many credit unions are turning to adjustable-rate mortgages to help would-be borrowers find a home. ARM loans gained a bad reputation after the 2008 housing crisis and the Great Recession, but credit union leaders insist that with the right education and a clear understanding of how the product works, adjustable-rate mortgages can be an ideal solution for would-be homeowners. The Big Picture53% of those who don’t own a home believe homeownership is out of reach, according to a study from Northwestern Mutual . 58% of millennials feel this way, but roughly half of baby boomers and Gen X share the sentiment. According to Federal Reserve data, the average price of a home topped $510,000 at the end of 2024. That’s 32% higher than f...

Jim Nussle To Retire From America’s Credit Unions

  WASHINGTON—America’s Credit Unions President and CEO Jim Nussle plans to retire from the trade association, ACU announced. ACU said Nussle did not specify an exact date for his retirement but rather expressed his desire to provide the ACU board the “full flexibility” to conduct a search for a CEO over the next several months on a timeline of their choosing, and to ensure his ongoing efforts to champion the organization’s advocacy agenda.   Jim Nussle “Serving credit unions is a deep personal privilege. After a long career in advocacy from both sides of the policy making table, leading CUNA and the honor of helping to create and lead America’s Credit Unions, it is soon time for me to pursue new interests in retirement. My announcement today is intended to provide the board the time to conduct a thorough national search to find the next leader for the Association,” Nussle said.  “My full and ongoing focus will be on our intensive credit union advocacy efforts to prot...

Havoc.’ ‘Debacle.’ Analysts See Rough Road Ahead for Autos With Tariffs

WASHINGTON–What’s known: should President Trump’s tariffs remain in place, new and used vehicle prices are going to get even higher. The unknown: Will members stop buying cars, move from new to used, or given how many buy cars according to payment, move to less-expensive models? The tariffs also may create challenges for credit unions that serve some autoworkers. All of those questions and more remain much in flux with analysts predicting  auto prices could rise by $5,000 to $10,000 per vehicle and wreak havoc on the market as the result of 25% import tariffs on vehicles and auto parts.   As the CU Daily reports separately, however, Black Book believes automakers will spread out the incremental cost of tariffed vehicles across their entire showroom to retain relative vehicle transaction prices. Still, the company expects tariffs to push the average transaction price on vehicles to more than $50,000. ‘A Debacle’ “The tariffs are a debacle of epic proportions for the a...

Zelle Discontinues Standalone App, Shifts Users to Bank and Credit Union Platforms

SCOTTSDALE, Ariz.—The standalone Zelle app is no longer available for sending or receiving money. Users are now encouraged to enroll through a participating bank or credit union’s app to continue using the peer-to-peer payment service, PYMNTS reported. Zelle had announced in an Oct. 31  blog post  that it would make this change, and it completed the move as of Tuesday (April 1), according to a frequently asked questions  page  on its website PYMNTS said/ “More than 2,200 banks and credit unions across the U.S. now offer Zelle through their mobile app or online banking site,” the company said on the FAQ page. “As a result of this growth, in October of 2024, we announced that we are removing the ability for users to send or receive money using the Zelle app starting April 1, 2025.” PYMNTS noted that the page advised users of the Zelle app to visit a “find your bank” page on its website to see if their bank or credit union offers Zelle; to...