'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

New York Stock Exchange building venue for 24/7 tokenized stock and ETF exchange

The New York Stock Exchange (NYSE), via its owner Intercontinental Exchange (ICE) , is building a new digital trading venue for 24/7 trading of tokenized stocks and ETFs, using blockchain and stablecoin-based funding for instant settlement, aiming to modernize markets by running parallel to the traditional exchange. This platform will support native digital securities and traditional shares as tokens, allowing for continuous liquidity and integrating digital assets into mainstream finance, with plans to launch later in 2026 after regulatory approval. Key Features of the New NYSE Platform: 24/7 Trading: Operates continuously, unlike the traditional exchange's weekday hours. Instant Settlement: Transactions settle immediately, moving away from the current T+1 (trade date plus one day) model. Stablecoin-Based Funding : Uses stablecoins (digital tokens pegged to fiat currency like the USD) for funding and collateral, streamlining processes outside banking hou...

Read Complete Article HERE>»

Breaking: NCUA Moves to Remove a Major Barrier to Board Service

NCUA just proposed a rule that would allow federal credit unions to reimburse or directly pay reasonable dependent care costs for volunteer officials when those costs are incurred while attending board meetings or performing official duties. Childcare and eldercare costs are real barriers to serving on a board — especially for working professionals, single parents, and caregivers. At the same time, expectations for board engagement, training, and oversight continue to rise. A few important guardrails remain: ✔️ Applies only to federal credit unions ✔️ Covers dependent care only — not lost wages or compensation ✔️ Requires written board policy and reasonable controls ✔️ IRS tax treatment still applies (talk to your CPA) Bottom line: this won't fix board recruitment challenges by itself, but it removes a real friction point for people who want to serve and simply can't absorb the added costs. NCUA is also asking for comments — including whether training and conferences...

Read Complete Article HERE>»

Sunday Reading - How pensions work

The Pension Promise How pensions work Colloquially speaking, pensions are retirement plans that result in employees receiving a fixed amount of money from their former employers during retirement, often for life (although the technical legal definition of pensions is significantly more nuanced ). Unlike “defined contribution plans” like 401(k) plans, “defined benefit plans” like pensions make it so the employer , rather than the employee, determines how much money is set aside for the plan and how it’s invested (often in stocks, bonds, and other assets). In retirement, monthly payouts include both the principal and investment earnings. Employers often use fact...

Read Complete Article HERE>»

Small credit union closures and mergers.

NCOFCU Podcast on the loss of small creditunions. Grant Sheehan CCUE | CEO-NCOFCU examines the rapid decline of small credit unions, why each closure matters to communities, and the threat this trend poses to the cooperative identity and tax protections of the movement. The episode explores practical solutions: larger credit unions acting as stewards, collaboration through shared resources and technology, and the advocacy work of the National Council of Firefighter Credit Unions to amplify every credit union's voice. Listen for a call to action on preserving community-focused financial cooperatives and strengthening the future of the credit union movement. Be sure to visit NCOFCU's "First Responders Credit Unions Academy" for your continued credit union education and certification in meeting N C U A’s requirements. ================================================= Remember, you're not alone with NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional f...

Read Complete Article HERE>»

NCUA Issues 2026 Supervisory Priorities Letter to Credit Unions

Alexandria, VA (January 14, 2026) ― The National Credit Union Administration (NCUA) today announced its 2026 Supervisory Priorities, which continue the agency’s policy of “No Regulation by Enforcement,” while prioritizing safety and soundness. This policy underscores NCUA’s commitment to providing clarity and transparency in its oversight. The letter outlines NCUA’s priorities for the year and provides information to help credit unions prepare for examinations. This year, the agency will continue to focus on risk-based supervision, tailoring the examination scope to the credit union’s unique risk profile. Key Highlights of the 2026 Supervisory Priorities: Risk-Focused Examinations: Examiners will concentrate on areas posing the greatest risk to credit union members, the credit union system, and the Share Insurance Fund. Balance Sheet Management and Lending: With loan performance at its weakest point in over a decade, examiners will review credit risk management practic...

Read Complete Article HERE>»

Moving to a Credit Union Doesn’t Mean Giving Up Rewards Credit Cards

Moving to a Credit Union Doesn’t Mean Giving Up Rewards Credit Cards : "We’ve received a couple questions at NerdWallet about credit unions and rewards credit cards. Generally, the perception is that while credit unions are great for low interest rates and fees, the major banks have the profit margins to spend on a great rewards program. But now, " 'via Blog this'

Read Complete Article HERE>»

What Could Tokenized Deposits Mean for CUs?

WASHINGTON—Noting that the FDIC has expressed support for tokenized deposits as insured bank liabilities, not experimental digital assets, a new analysis offers some insights into what that could mean for financial institutions, credit unions and the market in 2026 and beyond. As PYMNTS Intelligence pointed out in its report, regulatory clarity reduces risk for banks moving from pilots to live deployments, and large banks and infrastructure providers are already testing real-world tokenized deposit use cases. “At its simplest, tokenization converts an existing claim into a digital representation on a distributed ledger,” the report explained. “The underlying asset does not change, but the infrastructure that tracks ownership and settlement does. In banking, that distinction is critical. Tokenized deposits do not create new money. They represent traditional bank deposits, issued and redeemed by regulated institutions but designed to operate on modern, programma...

Read Complete Article HERE>»

How Does Compensation Compare for Women Credit Union Executives?

BFB a NCOFCU Supporter! Guest post written by Chris Burns-Fazzi, Principal, Burns-Fazzi, Brock For many industries, gender equity has been a topic of discussion. Have you ever wondered how men and women compare as credit union executives and the compensation they receive? We did too. The NAFCU Annual Conference coming up at the end of July in Nashvillewill feature a Women’s Leadership Summit , with a number of timely topics, including an initial look at how men and women credit union executives compare in regards to compensation and their presence in top executive positions. A bit of background – for five years now, Burns-Fazzi, Brock (the NAFCU Services Preferred Partner for Executive Compensation and Benefits) has underwritten the annual NAFCU-BFB Survey of Federal Credit Union Executive Benefits & Compensation. Conducted by an independent firm, Clark and Chase Research, there is no cost to participate, and the results are shared with participants as well as each yea...

Read Complete Article HERE>»

The St. Louis Fed said that research shows that historically checking and savings rates show almost no response to the increase in the federal funds rate and have been near zero since the 2007-09 financial crisis.

ST. LOUIS–As it is becoming more costly for people to hold not only cash but also bank deposits, new liquidity pressures are being felt by both financial institutions and depositors, creating a “liquidity premium,” according to new research by the St. Louis Federal Reserve Bank. With the Federal Open Market Committee (FOMC) raising the federal funds rate at its past four meetings, the St. Louis Fed has released new research that investigates the links between monetary policy and its macroeconomic effects, including in the 2022 tightening cycle. “Imagine a simple world where you can choose between three assets: cash, deposits, or bonds. Cash is the most liquid asset but pays no interest,” the St. Louis Fed stated. “Deposits, such as checking, savings, or time deposits, are less liquid than cash, but they pay rates set by the bank. Bonds are the least liquid among these assets, and assume, for simplicity, that bonds pay the federal funds rate. Banks raise deposits and ...

Read Complete Article HERE>»

Mobile Bill Pay Demand Is the Future

Imagine paying your house payment while riding in a double decker bus in London or making your Visa payment while waiting for a plane. According to the Javelin report, after a pause in 2010, mobile banking adoption surged by 63% in 2011, rising to 57 million from 35 million in the United States. That’s a meteoric increase of 22 million consumers in one year. Over the next five years, mobile banking is projected to increase at a steady compound annual growth rate of 10.3% as financial institutions roll out new offerings, the data showed. **** READ MORE: Mobile Bill Pay Demand Is the Future :

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog