'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Honoring Our Member Credit Unions Ranked Among the Top 100 in 2025

Celebrating Excellence: Honoring Our Member Credit Unions Ranked Among the Top 100 in 2025 Best-performing US credit unions of 2025 At NCOFCU, we take immense pride in the strength, resilience, and impact of our member credit unions. Today, we are thrilled to recognize and celebrate several of our members who have earned a place among the Top 100 Best Performing Credit Unions of 2025 —a testament to their unwavering commitment to service, financial stewardship, and community leadership. This achievement is not just about rankings—it reflects the daily dedication to members, the trust built within communities, and the innovation that continues to drive our movement forward. 🌟 Our Honored Members We proudly congratulate the following institutions for their outstanding performance: #7 – Long Beach Firemen's Credit Union A remarkable top-10 finish that highlights exceptional operational excellence and member value. Long Beach Firemen’s CU continues to set a high bar for perform...

Read Complete Article HERE>»

Fire Police City County FCU rebrands to reflect company growth

FORT WAYNE, Ind. (WANE) – A federal credit union with a long history in the Fort Wayne area is changing its name to something that the company said Tuesday reflects its ability to serve a larger sector. Fire Police City County Federal Credit Union, founded in 1933, will go by Summit Choice Credit Union starting in April. Members and locals will start to notice new signage and aesthetic changes at each branch throughout the month. The rebranding does not affect the credit union’s structure, ownership, or member accounts, according to the news release. Summit Choice Credit Union remains a member-owned financial cooperative, governed by the same principles and operated by the same team. Its website reminds members that new cards are being issued due to the rebranding. The credit union was originally formed for the families of local firefighters. Today, it serves employees of more than 350 local businesses around greater Fort Wayne. “Adopting the name Summit Choice Credi...

Read Complete Article HERE>»

The United States at 250: How the Country Has Changed in the Past 50 Years

In July, the United States will celebrate its 250th anniversary. The country’s last major milestone was 50 years ago, at its bicentennial on July 4, 1976. U.S. society has changed profoundly since then. Over the past five decades, the U.S. population has aged significantly, with the percentage of people 65 and older nearly doubling. The country has also become more racially and ethnically diverse, as growing shares of people identify as Asian or Hispanic. And following more than 70 million immigrant arrivals, the percentage of foreign-born people in the population has more than tripled. Americans are also less likely to be married than ever before. Women – who now have far more options outside of the home than they did in 1976 – have contributed to a boom in higher education and helped expand the workforce. And even though many Americans are financially better off than they were 50 years ago, econ...

Read Complete Article HERE>»

Sunday Reading - Landmine Rat Honored

Landmine Rat Honored Cambodia unveiled the world’s first statue honoring a landmine-detecting rat (w/photo) Friday. Magawa the rat lived to 8 years old and identified more than 100 landmines and other explosives from 2016 to 2021. There are more than 100 African pouched rats deployed in landmine detection operations across the world. To identify mines, the rats are trained to sniff out explosive compounds like trinitrotoluene, or TNT. (The rats are not heavy enough to trigger detonation.) In Cambodia, up to 6 million landmines remain undiscovered, most planted during three decades of conflict, from the Vietnam War era through Cambodia's civil war . Since 1979, roughly 20,000 people have been killed in Cambodia, and roughly 40,000 wounded as a result of the mines. Magawa cleared more than ...

Read Complete Article HERE>»

Several CU Economists Envision More Rate Increases This Year After Wednesday's Historic Hike

The Federal Reserve raised rates by 75 basis points Wednesday, citing robust job gains, low unemployment and inflation. The Federal Open Market Committee’s unanimous agreement on the increase was on par with economists’ expectations, and followed a 75-bps increase in June that was the largest increase in 30 years. The committee raised its target range for the federal funds rate to 2.25% to 2.50%, and expects it to rise to 3.25% to 3.5% by year’s end. CUNA Senior Economist Dawit Kebede said the Fed’s 75-bps hike puts the federal funds rate at a neutral 2.25% to 2.50%, but its plan to increase its rates another percentage point by the end of the year also raises the risk of recession. NAFCU Chief Economist Curt Long said the Fed was responding to “the hottest inflation numbers in 40 years,” but softening in the economy might lead it to raise rates by a smaller amount when it next meets Sept. 20-21. Mike Fratantoni, chief economist for the Mortgage Bankers Association, sa...

Read Complete Article HERE>»

Where are your children banking?

Grant Sheehan CCUE | CCUP | CEO, NCOFCU The B reach Between Purpose and Experience Just recently, I came across a story that has stayed with me. It wasn’t dramatic in the traditional sense. There was no scandal, no crisis, no headline-grabbing failure. In fact, it was something much quieter than that. It was simply the story of an eighteen-year-old leaving his credit union. On the surface, that might not sound remarkable. Young people move their money frequently. They open new accounts, experiment with apps, follow trends, and often make financial decisions influenced by the digital tools at their disposal. But this story was different. This young man had been a credit union member since he was a few weeks old, as many credit unions do. His mother has spent her career working inside the credit union movement as an executive. For eighteen years, his financial life was connected to a credit union. If anyone might be expected to remain a lifelong member, it wou...

Read Complete Article HERE>»

Employers should take note, as company culture starts with professional development.

Employees and employers alike may have thought they understood company culture, and likely did until recently. Coming to work, knowing company values, interacting with others are all no brainers when it comes to the driving forces that make up company culture. Buy a seismic shift is occurring on two fronts. One, various generations are working together in multiple industries and two; the pandemic has changed attitudes about where work can occur and how that may or may not affect culture. The Linkedin Global Trends 2022 report says more freedom to work where and when employees want, as well as attention to wellbeing, are important demands employers need to consider. Consider the numbers: when picking a new job, 63% of professionals put work-life balance as the top priority. Sixty percent are interested in compensation and benefits and 40% say the colleagues and culture they will be working with are their top priorities. Employers should take note as company culture starts with profess...

Read Complete Article HERE>»

Fed Gets Green Light for Interest Rate Cuts as Unemployment Rate Jumps to 4-Year High

The Federal Reserve is now seen as likely to cut interest rates multiple times before the end of the year, following another weak jobs report that showed unemployment jumping to a four-year high. The U.S. economy added just 22,000 jobs in August, less than economists had expected, the Bureau of Labor Statistics reported Friday. The unemployment rate rose to 4.3%, up slightly from 4.2% in July but hitting the highest level seen since October 2021, when the economy was still recovering from pandemic-driven layoffs. Although the new jobs report was troubling news for the economy, for prospective homebuyers with secure jobs it likely means further easing in mortgage rates in the days to come. Mortgage rates hinge primarily on the yields of 10-year Treasury notes , which plunged Friday to their lowest level since early April, when President Donald Trump 's Liberation Day tariff announcement sparked panic in financial markets. It signals furth...

Read Complete Article HERE>»

Long-Stalled Credit Card Competition Act Moves Forward In Senate Clarity Act Markup

WASHINGTON—A long-stalled bipartisan push to boost competition in the credit card market moved closer to becoming law late Friday, as Sens. Roger Marshall (R-KS) and Dick Durbin (D-IL) advanced a new amendment attached to the Senate Agriculture Committee’s markup of the Digital Asset Market Structure and Investor Protection Act, commonly known as the Clarity Act. Dick Durbin The amendment, a core component of the long-debated Credit Card Competition Act, would prohibit major credit-card networks and large issuing banks from enforcing network exclusivity on credit cards. Supporters argue the measure would expand transaction-routing competition, weaken the dominance of the largest payment networks, and reduce swipe fees that merchants say inflate consumer prices. The renewed momentum reflects President Trump’s recent backing of efforts to rein in credit card costs, a shift that has altered the political trajectory of legislation that has struggled to advance in prior Congresses. With Tru...

Read Complete Article HERE>»

USPS Defends Banking Pilot, While Opponents Call It Illegal

By David Baumann - July 11, 2022 Program has faced opposition from the outset, including from credit union groups, and has struggled to gain real traction. The U.S. Postal Service (USPS) argued this week that the controversial pilot program it is operating i...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog