'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Syracuse Fire Department Credit Union

Remember, you're not alone with NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional features: First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Blog Job Board

Read Complete Article HERE>»

Happy Holidays To All Who Serve

Happy Holidays To All Who Serve 12/22/2025 10:28 am By Grant Sheehan and Anthony Hernandez Every year, many Americans celebrate the joy of family and relief from work the holidays bring. Apart from the hustle and bustle, the holiday season is a special time to be with loved ones, engaging in family traditions and rituals, and making memories that will last a lifetime. However, not everyone gets to partake in the holiday gatherings. There are over a hundred thousand military members serving in harm’s way or in 24-hour command center...

Read Complete Article HERE>»

Sunday Reading - The gold standard, explained

Gold Standard The gold standard, explained A gold standard is a system where a country’s currency is pegged to, and can be converted into, a fixed amount of gold. It’s typically meant to create a sense of security in the country’s currency: When a government uses a gold standard , its currency can be exchanged for an equivalent amount of gold—although regulations around redemption vary by country. After the Civil War, in 1873, America adopted the gold standard for the first time. At the time, if gold was priced at $100 an ounce, each dollar rep...

Read Complete Article HERE>»

Is another housing bubble brewing?

While there have been fears expressed by some of a repeat of the housing bubble that led to the housing crisis just over a decade ago, numerous real estate analysts say they believe the market fundamentals are much stronger now and that the sharp increase in home prices reflects low rates, a lack of inventory, and demographics. To be sure, the market is hot in many markets, with home sellers receiving multiple cash offers, often over the listed price, on homes. Some analysts, including those at Swiss banking giant UBS, have published charts showing how home prices are outstripping both wages and rents, reported USA Today. Home prices have appreciated more than 60% since November 2012, incomes have only appreciated by 20% and rents by 30% over the same time period, the report added. “But unlike the real estate boom that led to the Great Recession, this nationwide price spike is not being fueled by a wholesale collapse in lender ethics,” USA Today reported “There aren't any low-doc o...

Read Complete Article HERE>»

NAFCU Economist: U.S. Might Dodge Recession

Curt Long said a strong jobs report shows resilience despite the Fed’s escalation in interest rates. By Jim DuPlessis | January 06, 2023 CUTimes Source: Shutterstock. NAFCU Chief Economist Curt Long said Friday the continued strength in the job market has increased the odds the nation will dodge a recession this year. The U.S. Bureau of Labor Statistics reported Friday there were 153.7 million seasonally adjusted jobs in December, an increase of 223,000, or 0.1%, from November and up 3% from a year earlier. The unemployment rate was 3.5% in December, down from 3.6% in November and 3.9% in December 2021. Long said December’s rate was the lowest in more than 50 years, while the labor force participation rate rose slightly. Seasonally adjusted average hourly earnings were $32.82 in December, up 0.3% from November and up 4.6% from a year ago, a slightly lower rate of increase from previous months. Curt Long “This is an unambiguously positiv...

Read Complete Article HERE>»

“The July jobs report was almost uniformly positive with strong job gains resulting in a large drop in the unemployment rate,” said NAFCU Chief Economist and Vice President of Research Curt Long.

WASHINGTON–The U.S. economy roared into midsummer with strong gains in hiring, according to the latest jobs report, even as questions remain over the ability to maintain the momentum as the Delta variant of the coronavirus continues to spread. According to numbers released last week by the Labor Department, employers added 943,000 jobs in July. But the number comes with a caveat in that the data was collected in the first half of the month, before variant-related cases exploded in many parts of the United States. “The July jobs report was almost uniformly positive with strong job gains resulting in a large drop in the unemployment rate,” said NAFCU Chief Economist and Vice President of Research Curt Long. “The retail sector did not enjoy a share in the gains, losing over 5,000 jobs during the month, but otherwise gains were broad. This report will add to mounting pressure on the Fed to taper asset purchases.” The numbers marked the best monthly performance since August 2020, and under...

Read Complete Article HERE>»

Sunday Reading - Lake Manly Returns

Lake Manly Returns An ancient lake has reemerged in California's Death Valley National Park following record rainfall this year. Between 128,000 and 186,000 years ago, meltwater from ice covering the Sierra Nevada fed rivers that emptied into Badwater Basin, North America’s lowest point at 282 feet below sea level. The steady flow sustained Lake Manly, nearly 100 miles long and roughly 600 feet deep. The lake disappeared as Death Valley evolved into the driest place in North America , with some areas receiving under two inches of rain annually. This year, however, the park received 2.41 inches between September and November, marking its wettest autumn on record and triggering the temporary return of a shorter, shallower Lake Manly. Above-average rainfall periodically brings Lake Manly back, including in 2023 when Hurricane Hilary dumped 2.2 inches of rain on a single August day, allowing visi...

Read Complete Article HERE>»

Liquidity Takes A Dive As Lending Ticks Up

NET LIQUIDITY CHANGE FOR U.S. CREDIT UNIONS | DATA AS OF 06.30.22 © Callahan & Associates | CreditUnions.com The federal government took a variety of steps to provide economic relief during the first year of the pandemic, including distributing trillions of dollars directly to consumers. As a result, credit union shares grew at record rates – well outpacing loan growth – leading to sizeable increases in liquidity. However, with the pandemic now mostly in the rearview mirror, credit unions are beginning to unwind the liquidity built up during the crisis. Credit unions reported 6.6% quarterly growth in outstanding loan balances as of 2Q22, well outpacing share growth over the same period, leading to liquidity outflows of $82.3 billion since March. This is a large change from 1Q22, when liquidity moderately increased by $16.8 billion. As economic activity expands, this liquidity is being converted from cash into impactful...

Read Complete Article HERE>»

‘Soft Landing’ of Economy Appears More Likely, New Analysis Suggests

WASHINGTON–The U.S. economy grew more than previously thought in the second quarter, data released Thursday shows, “bolstering the case that the country may be experiencing a so-called soft landing,” according to one new analysis. Gross domestic product grew at a 3% seasonally and inflation-adjusted annual rate, the Commerce Department said in its revised estimate. That is up from the 2.8% rate reported last month, and it is far above the first quarter’s weak 1.4% expansion. Initial jobless claims for the week ended Aug. 24 also fell slightly, according to the Labor Department, another positive sign for the health of the U.S. economy, noted the Wall Street Journal in its analysis of the newest data. ‘All But Certain’ “Despite the economy's...

Read Complete Article HERE>»

What are workers thinking in 2022? By Sarah Miller, Ashley Putnam

By Sarah Miller, Ashley Putnam From Philadelphia to Atlanta to Portland, communities rallied behind workers who couldn’t shift to remote work at the beginning of the COVID-19 pandemic. When 7 pm came around, neighbors stood on their front steps and leaned out windows to applaud health care workers. Handwritten signs supporting grocers, farmers, and first responders decorated windows and lawns. Drivers found snacks and thank-you notes on porches as thanks for delivering packages safely. Workers who could not work from home even got a new name: Essential . As the pandemic marched on, life resumed some measures of normalcy. You may find yourself eating inside restaurants or shopping more frequently in stores. Once again, more of us are traveling to see family or friends, or to get away for a long-delayed vacation. You might also notice that fewer workers seem to be doing those “essential” jobs we celebrated not too long ago. More jobs than jobseekers The question eve...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog