'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Birth of the Weekend

Birth of the Weekend Today marks 100 years since Ford Motor Company became one of the first American companies to officially adopt the five-day, 40-hour workweek for factory workers, a decision that reshaped work-life balance. Henry Ford’s idea to eliminate Saturday from the workweek initially met hesitation from some hourly workers worried about reduced pay. However, his daily wages of $5 to $6—roughly double the industry average—helped to ease concerns ( read 1920s reactions ). Ford reportedly redirected Saturday wages to hire thousands more people for Monday through Friday shifts, reducing unemployment. The move also boosted productivity, reduced turnover, strengthened morale, and gave workers more leisure time, some of which they spent buying and traveling in Ford cars. The US formally codified the 40-hour workweek in 1940, mandating overtime pay for hourly employees. More recently, momentum has grown aro...

Read Complete Article HERE>»

Fed Keeps Interest Rates on Hold in Split Decision at Final Meeting of Powell Era

By Keith Griffith April 29, 2026 In an unexpectedly close split decision, Federal Reserve policymakers have decided to keep interest rates on pause in what is likely to be the final meeting under the supervision of Fed Chair Jerome Powell . Powell joined the 8-4 majority on the Federal Open Market Committee to vote in favor of leaving the federal funds rate unchanged at Wednesday's meeting in Washington, DC, judging inflation as running too hot to justify a rate cut. At a press conference after the vote, Powell revealed that he will remain on the board of governors as a regular member after his term as chairman ends, saying: "After my term as chair ends on May 15, I will continue to serve as a governor for a period of time to be determined. I plan to keep a low profile as a governor. There is only ever one chair of the Federal Reserve Board." Read the complete story here.

Read Complete Article HERE>»

How did the Supreme Court become so powerful?

A court designed to be the least powerful branch became one of the most influential institutions in history. 1440 Explores host Sony Kassam dives inside the Supreme Court of the United States, with help from Yale Law professor Akhil Reed Amar, to uncover how it gained extraordinary authority, what really happens behind closed doors, and why its power has become one of the most fiercely contested questions in modern democracy. ================================================= Remember, you're not alone with NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional features: Annual Conference First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Advocacy

Read Complete Article HERE>»

Syracuse Fire Department Credit Union.

================================================= Remember, you're not alone with NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional features: Annual Conference First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Advocacy

Read Complete Article HERE>»

How's Your Posture?

April Blog How's Your Posture? Scenario Planning Is Dead! Long Live Strategic Posture. by That One Consultant You Hired and Then Ignored Somewhere in your credi...

Read Complete Article HERE>»

Boston Firefighters Credit Union Taps Tech Leader Elizabeth Adcock to Drive Digital Future

Boston Firefighters Credit Union is bringing in some serious digital firepower. The organization just named Elizabeth Adcock as its new Chief Digital & Information Officer—a role that’s all about steering the credit union into a more tech-savvy, member-focused future. If you’re wondering why this matters, consider the timing. BFCU is in the middle of a major digital evolution, expanding its reach across Massachusetts while staying true to its core mission: serving first responders and their families. Enter Adcock, a technology executive with a track record of turning complex tech challenges into real-world wins. “I’m thrilled to welcome Elizabeth as our Chief Digital & Information Officer,” said Danielle Milner, President & CEO of Boston Firefighters Credit Union. “She is the rare combination of strategic vision, digital expertise, and human-centered leadership. Paired with her deep commitment to bring greater innovation to first responders and their families, her ser...

Read Complete Article HERE>»

IRS Reporting Proposal Scaled Back, but Still 'Flawed'

On Tuesday, Senate Democrats distributed an update to the controversial IRS reporting requirements that the credit union industry has been very vocally opposed to since it was unveiled in late June. According to the updated proposal rolled out Tuesday, it would require financial institutions to report inflows and outflows of personal and business accounts, as well as transfers between accounts of the same owner, if it is more than $10,000 per year. The proposal floating around for the past four months had the threshold at $600 per year. The requirements do not apply to payroll deposits for wages or to those receiving Social Security benefits. In response to the updated IRS reporting proposal, NAFCU President/CEO Dan Berger said, “It has become abundantly clear that Americans oppose the IRS obtaining additional information on their financial accounts. The updated plan is nothing more than window dressing in an attempt to shore up support for a flawed proposal. Instead of creating financ...

Read Complete Article HERE>»

Reactions To Historic NAFCU/CUNA Merger

By Ray Birch CUToday WASHINGTON–Just what will the proposed merger between CUNA and NAFCU mean to individual credit unions? A survey of CUToday.info of CEOs across the country has found generally neutral to positive reactions, with many taking a wait-and-see approach, but others having concerns over a lack of “checks and balances,” compensation paid to association executives, and fewer resources for smaller credit unions. The CUToday.info poll of CEOs on the question of having just one national trade association representing the nation’s 4,800 credit unions also found many see benefits from the consolidation, such as a stronger and more unified voice in Washington, greater efficiencies and potentially lower overall costs for membership. CUToday.info has made multiple attempts to get additional comment from CUNA and NAFCU beyond the statements issued earlier this week and asking for more details on the merger and what lies ahead, but both trade groups have declined comment...

Read Complete Article HERE>»

And The Forecast For 2017 Is?

Steven Rick who will be speaking to us in Charlotte, has made the following predictions for 2017. MADISON, Wis. – Increases in housing construction and rising oil prices will drive higher economic growth higher next year, while auto sales should remain robust, according to CUNA Mutual’s chief economist. Steven Rick said credit unions next year can expect a “slight acceleration” in the economy with no signs of a recession until late 2018—good news for CUs looking to expand their reach and services, he said. Rick is further predicting the Fed will boost rates once this year and three times in 2017. “We’re forecasting a modest acceleration in economic growth to 2.4% in 2017 from this year’s very slow 1.6%,” Rick told attendees of CUNA Mutual Group’s seventh annual Discovery Conference. “An inventory correction, reduced energy sector investment due to falling oil prices, and the negative impact of the rising dollar on our exports all contributed to the U.S. economy’s slower gro...

Read Complete Article HERE>»

Ten-Year Treasury Hits a 15-Year High

WASHINGTON–The yield on the 10-year U.S. Treasury note has hit a 15-year high, which could lead to higher costs for many borrowers. The increase in yields is also “raising concern” on Wall Street about the potential fallout in the stock, bond and housing markets, the Wall Street Journal added. A key benchmark for interest rates across the economy, the 10-year yield settled at 4.258%, according to Tradeweb, up from 4.220% earlier this week, marking its highest close since June 2008, months before the collapse of Lehman Brothers and expansive Federal Reserve policy “ushered in more than a decade of historically low bond yields,” the Journal added. ‘Nervous’ Investors “The rise in yields is making investors nervous, because past surges have at...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog