Skip to main content

'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

Feature Ransomware Webinar 1

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

bowman

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.  

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

anthony

She urged credit unions to consider where they are vulnerable.  

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Popular posts from this blog

Digital Payments Lead the Way Globally: Key Insights from Worldpay Study

According to a recent Worldpay study, digital payments are rapidly becoming the preferred choice worldwide. The research highlights significant shifts in consumer behavior and payment preferences, driven by technological advancements and the growing acceptance of cashless transactions. Key findings from the study reveal that digital payments now account for a substantial portion of global transactions. Mobile wallets, contactless payments, and online banking are gaining traction, reflecting consumers' desire for convenience and speed. This trend is especially prominent in regions like Asia Pacific, where mobile payment adoption is leading the charge. The study also emphasizes the importance of security in fostering consumer trust in digital payments. As fraud concerns continue to rise, businesses must prioritize robust security measures to protect customer information and enhance the payment experience. Moreover, the transition to digital payments is not just about c...

Embracing ARMs And Battling Members’ Misconceptions

With adjustable-rate mortgages back in fashion, credit unions are educating members about the ins and outs of these products, dispelling misunderstandings along the way. With housing stock low, home prices high, and interest rates showing no signs of coming down, many credit unions are turning to adjustable-rate mortgages to help would-be borrowers find a home. ARM loans gained a bad reputation after the 2008 housing crisis and the Great Recession, but credit union leaders insist that with the right education and a clear understanding of how the product works, adjustable-rate mortgages can be an ideal solution for would-be homeowners. The Big Picture53% of those who don’t own a home believe homeownership is out of reach, according to a study from Northwestern Mutual . 58% of millennials feel this way, but roughly half of baby boomers and Gen X share the sentiment. According to Federal Reserve data, the average price of a home topped $510,000 at the end of 2024. That’s 32% higher than f...

Jim Nussle To Retire From America’s Credit Unions

  WASHINGTON—America’s Credit Unions President and CEO Jim Nussle plans to retire from the trade association, ACU announced. ACU said Nussle did not specify an exact date for his retirement but rather expressed his desire to provide the ACU board the “full flexibility” to conduct a search for a CEO over the next several months on a timeline of their choosing, and to ensure his ongoing efforts to champion the organization’s advocacy agenda.   Jim Nussle “Serving credit unions is a deep personal privilege. After a long career in advocacy from both sides of the policy making table, leading CUNA and the honor of helping to create and lead America’s Credit Unions, it is soon time for me to pursue new interests in retirement. My announcement today is intended to provide the board the time to conduct a thorough national search to find the next leader for the Association,” Nussle said.  “My full and ongoing focus will be on our intensive credit union advocacy efforts to prot...

Havoc.’ ‘Debacle.’ Analysts See Rough Road Ahead for Autos With Tariffs

WASHINGTON–What’s known: should President Trump’s tariffs remain in place, new and used vehicle prices are going to get even higher. The unknown: Will members stop buying cars, move from new to used, or given how many buy cars according to payment, move to less-expensive models? The tariffs also may create challenges for credit unions that serve some autoworkers. All of those questions and more remain much in flux with analysts predicting  auto prices could rise by $5,000 to $10,000 per vehicle and wreak havoc on the market as the result of 25% import tariffs on vehicles and auto parts.   As the CU Daily reports separately, however, Black Book believes automakers will spread out the incremental cost of tariffed vehicles across their entire showroom to retain relative vehicle transaction prices. Still, the company expects tariffs to push the average transaction price on vehicles to more than $50,000. ‘A Debacle’ “The tariffs are a debacle of epic proportions for the a...

Zelle Discontinues Standalone App, Shifts Users to Bank and Credit Union Platforms

SCOTTSDALE, Ariz.—The standalone Zelle app is no longer available for sending or receiving money. Users are now encouraged to enroll through a participating bank or credit union’s app to continue using the peer-to-peer payment service, PYMNTS reported. Zelle had announced in an Oct. 31  blog post  that it would make this change, and it completed the move as of Tuesday (April 1), according to a frequently asked questions  page  on its website PYMNTS said/ “More than 2,200 banks and credit unions across the U.S. now offer Zelle through their mobile app or online banking site,” the company said on the FAQ page. “As a result of this growth, in October of 2024, we announced that we are removing the ability for users to send or receive money using the Zelle app starting April 1, 2025.” PYMNTS noted that the page advised users of the Zelle app to visit a “find your bank” page on its website to see if their bank or credit union offers Zelle; to...