'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

New CEO Named at SF Fire CU

In San Francisco, – SF Fire Credit Union has appointed Robert Kassab as its president and chief executive Officer. Kassab, who has served as the $1.6-billion credit union’s CFO and most recently as Interim CEO, will lead the organization as it builds on 75 years of community service and pursues an ambitious strategy for growth and member impact, the credit union said in a statement. Robert Kassab “SF Fire Credit Union has a 75-year legacy of doing right by its members, and I take that responsibility seriously,” Kassab stated. Kassab joined SF Fire Credit Union in 2022 as CFO, where he played a central role in strengthening the institution’s financial foundation and positioning the credit union for long-term growth. His appointment as CEO follows a period of interim leadership, during which he worked closely with the board to develop a strategic vision for the credit union’s future, according to SF Fire. An Institution That ‘Deserves Them Back’ “SF Fire Credit Union was built on ...

Read Complete Article HERE>»

Crews Shares Vision For NCUA, Refuses To Enter Board Battle

By Ray Birch WASHINGTON—NCUA nominee John Crews used his Senate Banking Committee confirmation hearing Thursday to lay out an agenda centered on reducing regulatory burden for smaller credit unions, encouraging technological innovation and reviving the formation of new credit unions, while declining to weigh in on the legality of the NCUA's current one-member board because of pending litigation. Although much of the hearing was dominated by sharp questioning of fellow nominee Christopher Phelan over the economy, inflation, tax policy and President Trump's agenda, Crews' exchanges with senators offered insights into how he might approach regulating the credit union system if confirmed. The hearing proceeded despite questions on Capitol Hill over whether it would even take place following Wednesday's political turmoil surrounding President Trump's demand that Congress pass the SAVE America Act before he signs bipartisan housing legislation and the Senate's decisio...

Read Complete Article HERE>»

NCUA Board Meeting Coverage: Here’s Where Deregulation Project Stands

ALEXANDRIA, Va.—An update on NCUA’s ongoing Deregulation Project was provided during the Thursday board meeting. Offering the update was Amanda Parkhill, acting director of the agency’s Office of Examination and Insurance.“There’s a lot going on and we anticipate over 50 rulemaking guidance and policy actions as a result of the deregulation project and other efforts taken to reduce burden and streamline processes,” said Parkhill. “These cover a wide variety of topics from new, innovative technology to long standing anti money laundering and consumer compliance requirements. Many of the actions we are working on involve coordination with other regulators to ensure that requirements are consistent among banks and credit unions.” Parkhill said 31 proposals have been made as part of the Deregulation Projects, two of which are still out for comment. “We are in very stages of finalizing several of the proposed rules,” Parkhill said. adding that objective is to wrap up phas...

Read Complete Article HERE>»

DC Round-Up

HUD Makes ACU-Requested Change; Hearing on Payments Today; CU-Backed Candidate Wins in Utah WASHINGTON–The Department of Housing and Urban Development (HUD) has updated Federal Housing Administration (FHA) quality control requirements to allow greater flexibility and alternatives to appraisal field reviews in a change that had been requested earlier by a coalition of 10 trade groups, including America’s Credit Unions . The new provisions took effect immediately when released in a Mortgagee Letter on June 23, . According to ACU, the change removes the requirement for mortgage lenders, including credit unions, to obtain appraisal field reviews on at least 10% of origination and underwriting quality control reviews. “The change will make field reviews optional for appraisal quality control, maintain FHA’s core appraisal compliance framework, and give lenders the ability to tailor their review methods on a case-by-case-specific risk,” America’s Credit Unions said. “The r...

Read Complete Article HERE>»

Healthcare Fraud Sweep

The Justice Department has charged 455 defendants across 45 states and US territories in a $6.5B healthcare fraud crackdown , which officials described as the largest coordinated enforcement action in its history and the second-largest amount ever charged in a single operation (behind last year’s $14.6B operation). Authorities say the schemes targeted Medicare, Medicaid, and other healthcare programs through fraudulent billing, illegal kickbacks, opioid distribution, and telemedicine operations. Those charged include 90 licensed medical professionals, while 295 defendants are tied to over $500M in false Medicaid claims. Investigators also seized more than $127M in cash, vehicles, jewelry, and other assets tied to the alleged fraud. The two-week crackdown comes amid the Trump administration’s antifraud push, with expanded data-sharing efforts across agencies (scroll to see coordinated effort ). Experts estimate healthcare fraud costs t...

Read Complete Article HERE>»

Facial recognition to secure payments will exceed 1.4 billion globally by 2025

BASINGSTOKE, U.K.– The number of users of software-based facial recognition to secure payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020, according to a new study from Juniper Research. “This rapid growth of 120% demonstrates how widespread facial recognition has become; fueled by its low barriers to entry, a front-facing camera and appropriate software,” Juniper said, noting the research identified the implementation of FaceID by Apple as accelerating the growth of the wider facial recognition market, despite the challenges to facial recognition during the pandemic with face mask use. The research recommends that facial recognition vendors implement robust and rapidly evolving AI based verification checks to ensure the validity of user identity, or risk losing user trust in the authentication method as spoofing attempts increase, Juniper reported. Fingerprint Sensors The new research, Mobile Payment Authentication: Biometrics, Regulation & Market Fore...

Read Complete Article HERE>»

AI Rapidly Reshaping How Consumers Discover, Compare & Choose Banking Products (But Trust Remains an Issue)

Frank Diekmann May 26, 2026 SYDNEY — Artificial intelligence is rapidly reshaping how consumers discover, compare and select banking products, forcing financial institutions to rethink their digital marketing and customer acquisition strategies, according to a new report from Bain & Company . The report, titled “How AI Rewrites the Rules of Brand Discoverability in Banking,” found that AI assistants such as ChatGPT, Claude and Google Gemini are increasingly acting as the first point of contact between consumers and banks, particularly in Australia, where consumers are using the technology to evaluate products, interpret fees and even prepare applications for loans and credit cards. According to Bain & Company, the traditional banking sales funnel — once driven by branches, brokers, advertising and search engine rankings — is rapidly shifting toward AI-generated recommendations and responses. ‘Increasingly Influencing Choice’ “AI assistants increasingly influen...

Read Complete Article HERE>»

47-Second Loan Décisions. Underwriting in Minutes. How AI is Revolutionizing Turnaround Time in Mortgage Lending

May 27, 2026 CU Today TORONTO–While AI has been deployed across a host of back office functions, on the consumer-facing side its promise is increasingly being seen in mortgage lending, where lenders are promising mortgage approval decisions in as little as 47 seconds, reporting that up to a third of inquiries are now being handled by chatbots, and slashing underwriting time to just minutes. Toronto-based TD Bank Group said it has also deployed its first agentic artificial intelligence system in mortgage lending, reducing the time required to prepare applications for underwriting from an average of roughly 15 hours to less than three minutes. According to a statement from TD Bank, the new AI model automates mortgage pre-adjudication — the process that occurs before a human underwriter reviews an application. The bank said the system classifies borrower documents, extracts and validates financial information, calculates income, performs policy and consent checks, identifies discrepancie...

Read Complete Article HERE>»

Boston Firefighters Credit Union Becomes First Responders Credit Union

New name reflects nearly 80 years of service and a growing commitment to first responders across Massachusetts BOSTON, MA, June 15, 2026 — Boston Firefighters Credit Union today announced that it has officially changed its name to First Responders Credit Union , reflecting the broader first responder community the organization serves while honoring the firefighters who founded it nearly 80 years ago. Founded in 1947 by members of the Boston Fire Department, the credit union was established to serve the financial needs of firefighters and their families. Over the decades, it has grown into a trusted financial institution serving firefighters, law enforcement professionals, EMS personnel, civilian employees of first responder agencies, and their families throughout Massachusetts. Today, more than 12,000 members rely on the credit union for banking, lending, and financial guidance tailored to the unique demands of first responder life. While the name is new, the mission is not. ...

Read Complete Article HERE>»

Twenty-Five Years of Showing Up

www.NCOFCU.org/Tucson-AZ-2026 Attendee Registration Schedule at a Glance ...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog