'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Growing Your Credit Union Without Expanding Your FOM

For many firefighter and other credit union primarly serving first responders, growth often feels tied to one big decision: expanding the Field of Membership (FOM). But what if you didn’t have to? What if growth could come from within —by deepening relationships, increasing engagement, and capturing more of the financial lives of the members you already serve? The truth is: it can. But it requires a shift in strategy. Rethinking What “Growth” Really Means Most institutions define growth as adding more members. But for single-sponsor credit unions, especially those serving first responders, a more powerful definition is: Growth = more value per member Many members only use one or two products—often a checking account and maybe an auto loan. Meanwhile, larger banks capture mortgages, credit cards, and investments. The opportunity isn’t just new members. It’s: More products per member Higher balances per relationship Greater share of wallet Your Biggest Advantage: The First Responder Life...

Read Complete Article HERE>»

When Vendors Price for Giants

Grant Sheehan CCUE | CEO Opinion: When Vendors Price for Giants, They Shrink the Future of Small Credit Unions ! There’s a quiet squeeze happening in the credit union industry, and it’s not coming from regulators or competition from big banks. It’s coming from the very vendors that claim to support the ecosystem. For small credit unions, the problem is increasingly simple and factual: the tools required to compete with digital banking platforms, fraud systems, compliance software, analytics, and payments infrastructure are priced for institutions ten or even 100 times their size. The result is a market where access to essential services is determined not by mission or member need, but by asset size. This isn’t just inconvenient. It’s structurally threatening. Vendors often defend their pricing models as a reflection of complexity or scale. Larger credit unions have more users, more transactions, more integrations, so they pay more, and that seems fair on the surface. But t...

Read Complete Article HERE>»

Credit Union Lending Picks Up in Most Areas

Credit unions were increasing their portfolios in most areas in June, except business lending and new car loans, where portfolios fell for the 24th month in a row after seasonal adjustments, according to a CUNA Mutual Group report released Tuesday. The Madison, Wis., trade group’s Credit Union Trends Report showed new auto loan balances were $141 billion on June 30, falling at a 3.3% seasonally adjusted, annualized rate from May to June, part of the May-through-October peak car-buying season. Credit unions held $252.4 billion in used car loans on June 30, up 1.2% from May without seasonal adjustments. The Trends Report made slight adjustments to CUNA’s Monthly Credit Union Estimates released earlier in the month. In this case, its changes allowed total auto loan balances to show a slight 0.3% un-adjusted May-to-June gain, compared to being flat in the CUNA report. Steve Rick, chief economist for CUNA Mutual Group and the report’s author, said gains were stronger in other areas, includ...

Read Complete Article HERE>»

The FedNow Service will launch in 2023 "Are you ready?"

The FedNow Service is a new instant payment service that the Federal Reserve Banks are developing to enable financial institutions of every size, and in every community across the U.S., to provide safe and efficient instant payment services in real-time, around the clock, every day of the year. Through financial institutions participating in the FedNow Service, businesses and individuals will be able to send and receive instant payments conveniently, and recipients will have full access to funds immediately, giving them greater flexibility to manage their money and make time-sensitive payments. Consistent with the Federal Reserve’s historical role of providing payment services alongside private-sector providers, the FedNow Service will provide choice in the market for clearing and settling instant payments as well as promote resiliency through redundancy. Financial institutions and their service providers will be able to use the service as a springboard to provide innovative instant p...

Read Complete Article HERE>»

Rick Metsger reminded credit unions the National Credit Union Share Insurance Fund may be required to increase loss reserves as the values of taxi medallions decline.

A LEXANDRIA, Va. (Dec. 8, 2017) – National Credit Union Administration Board Member Rick Metsger today reminded credit unions the National Credit Union Share Insurance Fund may be required to increase loss reserves as the values of taxi medallions decline. “Prices for New York taxi medallions at two recent public auctions have been considerably lower,” Metsger said. “That, combined with a continued increase in already high delinquency rates on medallion loans, suggests the Share Insurance Fund’s reserves may have to increase in the very near future.” Metsger spoke today to the Oregon Department of Financial Services CEO roundtable in Salem, Oregon. His remarks covered various issues related to credit union regulation and the Share Insurance Fund. Metsger said the NCUA issued a Letter to Credit Unions in 2010, warning of concentration risk , and the agency issued a more specific letter on taxi medallion lending in 2014 . “We have known, and warned ...

Read Complete Article HERE>»

Facial recognition to secure payments will exceed 1.4 billion globally by 2025

BASINGSTOKE, U.K.– The number of users of software-based facial recognition to secure payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020, according to a new study from Juniper Research. “This rapid growth of 120% demonstrates how widespread facial recognition has become; fueled by its low barriers to entry, a front-facing camera and appropriate software,” Juniper said, noting the research identified the implementation of FaceID by Apple as accelerating the growth of the wider facial recognition market, despite the challenges to facial recognition during the pandemic with face mask use. The research recommends that facial recognition vendors implement robust and rapidly evolving AI based verification checks to ensure the validity of user identity, or risk losing user trust in the authentication method as spoofing attempts increase, Juniper reported. Fingerprint Sensors The new research, Mobile Payment Authentication: Biometrics, Regulation & Market Fore...

Read Complete Article HERE>»

Credit unions lending rose at a faster pace in most sectors than the small banks last year, according to data released this week by the FDIC and CUNA Mutual Group.

What credit unions lacked in size they made up for in speed compared with community banks and savings institutions in 2017. Credit unions lending rose at a faster pace in most sectors than the small banks last year, according to data released this week by the FDIC and CUNA Mutual Group. CUNA Mutual’s monthly trends report showed credit unions held $984.8 billion in total loans at Dec. 31, up 10.7% from a year earlier and a growth rate more than twice as fast as community banks. Credit union assets rose 6.3% to $1.4 trillion due to a 6.3% increase in deposits, a 3% drop in borrowings and a 7.7% increase in capital. With loan balances growing faster than assets, the loan-to-asset ratio ended 2017 at 70.4%, up from 67.5% a year earlier. The fast loan growth also helped loan delinquency rates fall to 0.79% in December, down from 0.83% a year earlier, according to CUNA Mutual. The FDIC’s Quarterly Banking Profile showed loans at the nation’s 5,670 community banks ...

Read Complete Article HERE>»

Don't say NO to your members anymore!

Does the following scenario occur at your credit union? If it does, we have a solution for you! A member comes in into your credit union and wants to know if you will loan them a couple of hundred thousand $$$ to buy a building, or can you loan him some seed money to start a new business or purchase equipment for the company they currently own, and you say, “the credit union doesn't do those kinds of loans”. Does this sound familiar? How many times do you and your staff say NO and literally tell a member to “go down the street or go somewhere else” ? Well, now, you have another option. CU First Responders Finance (CUFR) CU First Responders Finance, LLC (CUFR) is a partnership between the National Council of Firefighter Credit Unions, Inc. (NCOFCU) , and Biz Lending & Insurance Center, Inc. to provide business lending origination programs to NCOFCU member credit unions. CUFR will provide you with a turnkey operati...

Read Complete Article HERE>»

Americans are using alternative financing arrangements, such as rent-to-own

CUToday PHILADELPHIA–Many Americans are using alternative financing arrangements, such as rent-to-own, that a new report from Pew Charitable Trusts indicates are generally riskier, more costly, and subject to far weaker consumer protections and regulatory oversight than traditional mortgages. Pew Trusts sad the “evidence suggests that a shortage of small mortgages, those for less than $150,000, may be driving some home borrowers (i.e., people who purchase a home with financing) who could qualify for a mortgage into these alternative arrangements. And other factors related to a home’s habitability and the ownership of the land beneath a manufactured home—the modern version of a mobile home—can make certain homes ineligible for mortgage financing altogether.” According to Pew, the evidence of potential consumer harm, little is known about the prevalence of alternative financing in the U.S., primarily because no systematic national data collection exists. Pew said approximate...

Read Complete Article HERE>»

What should your credit union budget for in 2025?

As we enter the fourth quarter, many credit union leaders are starting to turn their attention toward planning for 2025. With a myriad of options and new technology, it’s crucial to prioritize services that set credit unions apart while encouraging growth. In this article, we explore several key areas credit unions should consider when preparing their budgets for the coming year. Expanding membership One significant trend shaping the financial landscape is the exodus of big banks from rural communities . This presents a golden opportunity to expand membership to new communities. However, this expansion doesn’t necessarily require traditional brick-and-mortar branches. Credit unions can leverage technology to provide services efficiently and cost-effectively. Some alternative service delivery methods include: Interactive Teller Machines (ITMs) : These advanced ATMs allow members to interact with a live teller via video, providing a personal touc...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog