'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Sunday Reading - What's the point of a consumer electronics show?

What's the point of a consumer electronics show? Consumer electronics shows are large convention-type events where companies debut new technologies and products. The largest and most notable shows are CES in Las Vegas, a trade show every January, and IFA Berlin, which takes place annually in September. The events have historically introduced novel, cutting-edge products that later became household standards, like HDTVs, VCRs, DVDs, and gaming consoles ( see list ). Over time, these shows evolved from product showcases ( see last year's coolest gadgets ) into complex industry ecosystems, serving as a meeting ground for startups, multinational technology companies, investors, and the media. Hardware launches, keynote speeches, and...

Read Complete Article HERE>»

Auto Link, Home Link, and CalcuLink Unite Under New Parent Brand: Centergy Solutions

Auto Link, Home Link, and CalcuLink Unite Under New Parent Brand: Centergy Solutions Auto Link announced a major rebrand that unifies its three established product lines- Auto Link, Home Link, and CalcuLink- under one cohesive parent brand. The transition marks a strategic evolution designed to simplify the company’s ecosystem, strengthen product synergy, and enhance the overall experience for credit unions and the members they serve. The new Centergy Solutions brand reflects the company’s mission to deliver a more connected and integrated suite of digital tools across auto and home lending, auto and home buying, and financial decision-making. From an operational perspective, the unified brand also allows Centergy Solutions to accelerate innovation and improve platform alignment. Under the new parent brand: • Auto Link continues to support financial institutions with industry-leading digital auto lending tools that boost member engagement and loan volume. • Home Link provides consume...

Read Complete Article HERE>»

Eight Credit Unions Pay $42 Million in Special Dividends to 1.1 Million Members

By Jim DuPlessis | January 05, 2026 at 04:00 PM So far this season, CU Times has tallied 19 credit unions, which have announced $160.3 million in special dividends for members. Eight more credit unions have reported special dividends, paying their 1.1 million members $42.1 million in December and January. The bulk of the dividends came from Police and Fire Federal Credit Union of Philadelphia and Eastman Credit Union of Kingsport, Tenn., which each announced $16 million in rewards approved by their boards. The late January payout from Eastman ($9.7 billion, 356,492 members) will bring its total special dividends to $225 million since 1998. A news release from the credit union said “the Extraordinary Dividend is never guaranteed, but the strong financial performance of ECU in 2025 enabled the Board of Directors to approve this year’s $16 million payout.” Eastman’s $16 million payout represents about $47 per member and 19 basis points of its averag...

Read Complete Article HERE>»

Temporary Corporate Credit Union Share Guarantee Expires December 31, 2012

NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: March 2012 LETTER No.: 12-CU-03 TO: Federally Insured Credit Unions SUBJ: Temporary Corporate Credit Union Share Guarantee Expires December 31, 2012 Page Content Dear Board of Directors and Chief Executive Officers: We are entering the final phase in the successful stabilization of the corporate credit union system. By the end of this year, all products and services offered by conserved corporate credit unions will be seamlessly transitioned to other providers – with no interruption of service to members. In the meantime, all ongoing corporate credit unions are meeting NCUA’s higher regulatory standards for capital, investments, and governance. ***READ COMPLETE LETTER; Temporary Corporate Credit Union Share Guarantee Expires December 3...

Read Complete Article HERE>»

What Trump’s ‘one big beautiful’ tax-and-spending package means for your money!

Trump’s megabill will bring sweeping changes for household finances. President Donald Trump signed his “one big beautiful” tax-and-spending package on July 4 — legislation that will bring sweeping changes to Americans’ finances. After the Senate passed its version on July 1, the House Republicans on July 3 voted to approve the multi-trillion-dollar domestic policy legislation and send it to Trump’s desk for signature. The final bill makes permanent Trump’s 2017 tax cuts while adding new relief, including a senior “bonus” to offset Social Security taxes and a bigger state and local tax deduction . The plan also has tax breaks for tip income , overtime pay and auto loans , among other provisions. The GOP’s marquee legislation will also enact deep spending cuts to social safety net programs such as Medicaid and food stamp benefits, end tax credits tied to clean energy an...

Read Complete Article HERE>»

"Cheers to 2026: Thank You for 25 Years"

As we close out 2025, we want to take a moment to extend our heartfelt gratitude to each and every member and supporter of the National Council of Firefighter Credit Unions Inc (NCOFCU). For the past two and a half decades, your unwavering support and dedication have been instrumental in helping us achieve our vision of becoming the leading credit union association dedicated to serving first responders and their families. Thanks to your commitment, we have prioritized education for your volunteer directors and staff, ensuring they are equipped with the knowledge and skills to serve your credit union communities effectively. Together, we have elevated the operational excellence of credit unions through targeted training and support, making a real difference in the lives of first responders and their families. Your involvement has been the cornerstone of our success, and we are truly grateful for the trust you have p...

Read Complete Article HERE>»

What Will 2026 Hold for CUs?

NEW YORK—As credit unions look to the new year, forecasters heading into 2026 see the U.S. economy cooling but not collapsing, with slower job growth, easing inflation and modest interest-rate cuts forming the backbone of a “soft-landing” outlook that still hinges on big unknowns: trade policy, geopolitics, fiscal decisions in Washington and whether households keep spending after several years of higher prices. Credit union leaders know they have a stake in all of that and more. In addition to the economic forecasts below, the CU Daily also other 2026-related previews, including: 2026 Forecast: The Auto Sales, Lending Trends to be Watching 2026 Forecast: What Companies are Saying About Hiring in New Yea r 2026 Forecast: FASB Puts Two Digital Asset Topics on its Agenda 2026 Forecast: How One Large Bank is Deploying Generative AI 2026 Forecast: Automobile Prices to Remain High as Loan Terms Get Longer 2026 Forecast: Is This a Model for How CUs Might Approach Workforce & AI? What the ...

Read Complete Article HERE>»

Become a Royal Credit Union

Welcome Royal Member Services Royal Member Services About Royal We stand behind the most dependable automotive service plans in the business. We offer a range of automotive service plans for new and used vehicles that provide exceptional protection against repair costs while increasing dealer value on each and every sale. Our plans are backed by more than 50 years of dependability and customer satisfaction. We offer a world-class service organization, marketing, training, and a complete line of services. We have plans to fit most every vehicle and consumer budget. Call today and put Roya...

Read Complete Article HERE>»

CO-CEOs 1 Small CU's Succession Planning Solution

By Ray Birch ROANOKE, Va.—Is an answer to the succession planning problem at small credit unions creating "co-CEO" positions? One $103-million credit union that has two chief executive officers believes it is a solution for a number of small shops that lack a succession plan for their leader. Roanoke Valley Community CU is led by Pam Duke and Lauren Whitmire. The co-bosses spoke with CUToday.info about how having a small team leading the organization has made it more successful and the job of running the show easier. "As I am heading towards retirement, I wanted to make sure we had a succession plan in place for this credit union," said Duke, who is 61. "In the credit union movement, generally, it's difficult to replace CEOs at small credit unions. I've been here 16 years, and Lauren has been here 14. We wanted to make sure this credit union continues on, even if she or I would leave." Duke explained that her focus at RVCU is on the lending side, o...

Read Complete Article HERE>»

US Fed lifts rates by 50 basis points

Recent indicators point to modest growth in spending and production. Job gains have been robust in recent months, and the unemployment rate has remained low. Inflation remains elevated, reflecting supply and demand imbalances related to the pandemic, higher food and energy prices, and broader price pressures. Russia's war against Ukraine is causing tremendous human and economic hardship. The war and related events are contributing to upward pressure on inflation and are weighing on global economic activity. The Committee is highly attentive to inflation risks. The Committee seeks to achieve maximum employment and inflation at the rate of 2 percent over the longer run. In support of these goals, the Committee decided to raise the target range for the federal funds rate to 4-1/4 to 4-1/2 percent. The Committee anticipates that ongoing increases in the target range will be appropriate in order to attain a stance of monetary policy that is sufficiently restrictive to return inflation t...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog