Skip to main content

'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

Feature Ransomware Webinar 1

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

bowman

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.  

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

anthony

She urged credit unions to consider where they are vulnerable.  

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

When Vendors Price for Giants

 Grant Sheehan CCUE | CEO Opinion: When Vendors Price for Giants, They Shrink the Future of Small Credit Unions ! There’s a quiet squeeze happening in the credit union industry, and it’s not coming from regulators or competition from big banks. It’s coming from the very vendors that claim to support the ecosystem. For small credit unions, the problem is increasingly simple and factual: the tools required to compete with digital banking platforms, fraud systems, compliance software, analytics, and payments infrastructure are priced for institutions ten or even 100 times their size. The result is a market where access to essential services is determined not by mission or member need, but by asset size. This isn’t just inconvenient. It’s structurally threatening. Vendors often defend their pricing models as a reflection of complexity or scale. Larger credit unions have more users, more transactions, more integrations, so they pay more, and that seems fair on the surface. But t...
Post a Comment
Read Complete Article HERE>»

Growing Your Credit Union Without Expanding Your FOM

For many firefighter and other credit union primarly serving first responders, growth often feels tied to one big decision: expanding the Field of Membership (FOM). But what if you didn’t have to? What if growth could come from within —by deepening relationships, increasing engagement, and capturing more of the financial lives of the members you already serve? The truth is: it can. But it requires a shift in strategy. Rethinking What “Growth” Really Means Most institutions define growth as adding more members. But for single-sponsor credit unions, especially those serving first responders, a more powerful definition is: Growth = more value per member Many members only use one or two products—often a checking account and maybe an auto loan. Meanwhile, larger banks capture mortgages, credit cards, and investments. The opportunity isn’t just new members. It’s: More products per member Higher balances per relationship Greater share of wallet Your Biggest Advantage: The First Responder Life...
Post a Comment
Read Complete Article HERE>»

How's Your Posture?

      April Blog   How's Your Posture?   Scenario Planning Is Dead! Long Live Strategic Posture. by That One Consultant You Hired and Then Ignored   Somewhere in your credi...
Post a Comment
Read Complete Article HERE>»

Fed still holds off on rate increase | 2015-07-30 | CUNA News

  WASHINGTON (7/30/15)--Citing “moderate” economic expansion, the Federal Open Market Committee continues to do “a balancing act,” said CUNA Senior Economist Perc Pineda. The Federal Reserve’s monetary policy-making body completed its meeting Wednesday without edging up the federal funds interest rate. Fed Chair Janet Yellen has said the committee will opt for an interest-rate increase sometime this fall. The July meeting, however, was not the time. “The Federal Reserve continues to do a balancing act: the U.S. economy is not in a recession and definitely not overheating,” Pineda told News Now . “Changes in monetary policy after all are meant to influence an underperforming or an overheating economy.” Household spending growth has been moderate, and housing has shown additional improvement, the committee said. Labor conditions continue to improve with declining unemployment and solid job gains. Inflation is anticipated to remain near its recent low level in the near term,...
Post a Comment
Read Complete Article HERE>»

Syracuse Fire Department Credit Union.

  ================================================= Remember, you're not alone with  NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional features: Annual Conference First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Advocacy  
Post a Comment
Read Complete Article HERE>»

IRS Reporting Proposal Scaled Back, but Still 'Flawed'

On Tuesday, Senate Democrats distributed an update to the controversial IRS reporting requirements that the credit union industry has been very vocally opposed to since it was unveiled in late June. According to the updated proposal rolled out Tuesday, it would require financial institutions to report inflows and outflows of personal and business accounts, as well as transfers between accounts of the same owner, if it is more than $10,000 per year. The proposal floating around for the past four months had the threshold at $600 per year. The requirements do not apply to payroll deposits for wages or to those receiving Social Security benefits. In response to the updated IRS reporting proposal, NAFCU President/CEO Dan Berger said, “It has become abundantly clear that Americans oppose the IRS obtaining additional information on their financial accounts. The updated plan is nothing more than window dressing in an attempt to shore up support for a flawed proposal. Instead of creating financ...
Post a Comment
Read Complete Article HERE>»

Please Support the Tunnels 2 Towers Foundation

The mission of the Stephen Siller Tunnel to  Towers   Foundation is to honor the sacrifice of firefighter Stephen Siller, who laid down his life to save others on September 11, 2001. We also honor our military and first responders who continue to make the supreme sacrifice of life and limb for our country. In response to COVID-19 , Tunnels to Towers has established the COVID-19 Heroes Fund , pledging to support frontline health care workers by providing meals, personal protective equipment (PPE) and, should tragedy strike, financial relief through temporary mortgage payments on homes of health care workers who lose their lives and leave behind young children. Through the  Fallen First Responder Home Program , Tunnel to Towers aims to pay off the mortgages of fallen law enforcement officers and firefighters killed in the line of duty that leave behind young children.  The Foundation’s goal is to ensure stability and security to these families facing sudden, tra...
Post a Comment
Read Complete Article HERE>»

Sunday Reading - Landmine Rat Honored

  Landmine Rat Honored   Cambodia unveiled the world’s first statue honoring a landmine-detecting rat (w/photo) Friday. Magawa the rat lived to 8 years old and identified more than 100 landmines and other explosives from 2016 to 2021.  There are more than 100 African pouched rats deployed in landmine detection operations across the world. To identify mines, the rats are trained to sniff out explosive compounds like trinitrotoluene, or TNT. (The rats are not heavy enough to trigger detonation.) In Cambodia, up to 6 million landmines remain undiscovered, most planted during three decades of conflict, from the Vietnam War era through Cambodia's civil war . Since 1979, roughly 20,000 people have been killed in Cambodia, and roughly 40,000 wounded as a result of the mines. Magawa cleared more than ...
Post a Comment
Read Complete Article HERE>»

Pickup Truck Sales Increase

LAWRENCEVILLE, Ga.—Used vehicle values saw a slight increase in September, thanks to a surge in the values of full-sized pickup trucks, Black Book reports. The company’s Used Vehicle Retention Index hit an all-time high in September (130.8), a +1.8-point change from August (129.0). The uptick in values continues what many analysts have called surprising strength in the used market this year. However, big declines are expected before year’s end. “Overall, the Index increased slightly in September,” said Alex Yurchenko, senior vice president, data science at Black Book. “The increase was driven mostly by the strength of the full-size pickup segment in the first part of September as most of the other segments saw a drop in the Index. We expect the continuation of weakening of most of the segments including full-size pickups in the next several months as the economy remains weak and there is an expected glut of used supply.” The Black Book Used Vehicle Retention Index is calc...
Post a Comment
Read Complete Article HERE>»

The FedNow Service will launch in 2023 "Are you ready?"

The FedNow Service is a new instant payment service that the Federal Reserve Banks are developing to enable financial institutions of every size, and in every community across the U.S., to provide safe and efficient instant payment services in real-time, around the clock, every day of the year. Through financial institutions participating in the FedNow Service, businesses and individuals will be able to send and receive instant payments conveniently, and recipients will have full access to funds immediately, giving them greater flexibility to manage their money and make time-sensitive payments. Consistent with the Federal Reserve’s historical role of providing payment services alongside private-sector providers, the FedNow Service will provide choice in the market for clearing and settling instant payments as well as promote resiliency through redundancy. Financial institutions and their service providers will be able to use the service as a springboard to provide innovative instant p...
Post a Comment
Read Complete Article HERE>»