
Ransomware: 'It's A Growing Issue'

MADISON, Wis.—Ransomware attacks, already a quiet concern that has been growing among credit unions, are expected to dramatically increase this year—with one analyst saying there is “no silver bullet” to prevent the threat.
Ransomware is a type of malicious software designed to block access to a computer system or PC until a sum of money is paid. In the case of a financial institution, crooks first use the malware to encrypt the contents of the FI’s data and then extract a ransom in exchange for decrypting the information and allowing the victim to regain access.

It’s an issue, according to one regulator source who asked for anonymity, that has been growing within credit unions, many of which have paid ransoms to regain access to their data and have chosen not to speak publicly about the crime.
“This has become a huge problem,” said Ken Otsuka, senior consultant in CUNA Mutual Group’s risk management department, adding that CUNA Mutual Group’s cyber liability coverage data does not break down the type of cyber-attack that leads to a claim. “The FBI statistics are unnerving.”
According to the FBI, between April 2014 and June 2015 the agency received 992 ransomware complaints, with victims reporting losses of more than $18 million. Overall, reports indicate that losses from ransomware to date range from tens of millions to hundreds of millions of dollars.
Experts are predicting the threat will spread in 2016 due to inexpensive, do-it-yourself ransomware kits that are beginning to become available in underground markets.
“Analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks,” reported ThirdCertainty’s Jaikumar Vijayan. “Researchers at security vendor Emsisoft analyzed a malware tool dubbed Ransom32 that many believe is a harbinger of things to come on the ransomware front.”
Portable Platform
Ransom32 is the first ransomware tool written entirely in JavaScript. That makes it easily portable to other platforms such as Linux and Mac OS X, Vijayan reported.
While reports indicate that ransomware costs can reach as high as $5,000 per user on an infected system, the bigger costs, sources say, come from staff downtime and from the credit union’s damaged reputation among its members.
According to a survey conducted by cloud IT services company Intermedia, many firms do not have a business continuity plan that would help them continue working while under a ransomware attack. Instead, they suffer costly downtime, with 72% not being able to access their files for two days, and 32% for five days or more.
Otsuka confirmed that a business continuity plan to address a ransomware attack is necessary today. He also outlined several steps credit unions should take to defend against ransomware, none more important than backing up data regularly.
“The big item is making sure the credit union has an effective data backup strategy in place so that if the credit union is hit with a ransomware attack and files are unreadable, it can go back to the most recent backup media tape and restore the data and not have to pay the ransom,” said Otsuka.
Otsuka said credit unions should periodically conduct “restore tests,” where they test to see if the data they would use to restore compromised files is usable.
“The time to find out your backup data is not usable is not during the middle of a ransomware attack,” he said.
Steps to Take
Noting there is no “silver bullet,” Otsuka outlined other important steps to guard against ransomware:
· Securely configure systems and services.
· Protect against unauthorized access.
· Perform security monitoring, prevention and risk mitigation.
· Update information security awareness and training programs to include cyber-attacks involving extortion.
· Implement and regularly test controls around critical systems.
· Review, update and test incident response and business continuity plans periodically.
· Ensure antivirus programs are kept up-to-date.
· Confirm operating systems and software are kept up-to-date with the latest patches.
· Block access to personal email accounts.
· Deploy spam and web filters.
· Enable pop-up blockers.
As is often the case, in many successful cyber-attacks staff are the weak link, said Otsuka. He emphasized that credit unions should regularly test employees to make sure they understand how to protect against phishing attacks and other email scams that can infect the system.
“I would test employees by sending them phishing-like emails to see how susceptible they are,” said Otsuka, explaining that cyber security companies can provide these “test” emails.
Otsuka said another key guiding principle is to network on risks, such as in industry information-sharing forums, and share information regarding threat intelligence.
“Credit unions with a CUNA Mutual Group cyber liability insurance policy may be eligible for a discounted membership fee for the Financial Services Information Sharing and Analysis Center (FS-ISAC),” said Otsuka.

To learn more, visit www.cunamutual.com/fs-isac
