'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Where are your children banking?

Grant Sheehan CCUE | CCUP | CEO, NCOFCU The B reach Between Purpose and Experience Just recently, I came across a story that has stayed with me. It wasn’t dramatic in the traditional sense. There was no scandal, no crisis, no headline-grabbing failure. In fact, it was something much quieter than that. It was simply the story of an eighteen-year-old leaving his credit union. On the surface, that might not sound remarkable. Young people move their money frequently. They open new accounts, experiment with apps, follow trends, and often make financial decisions influenced by the digital tools at their disposal. But this story was different. This young man had been a credit union member since he was a few weeks old, as many credit unions do. His mother has spent her career working inside the credit union movement as an executive. For eighteen years, his financial life was connected to a credit union. If anyone might be expected to remain a lifelong member, it wou...

Read Complete Article HERE>»

Sunday Reading - March Madness, explained

The Big Dance March Madness, explained "March Madness" is the well-known name for the NCAA's annual Division I men's and women's basketball tournaments, which determine national champions through a 68-team , single-elimination format. Automatic bids go to 31 conference winners, while 37 at-large selections fill the field. The high-stakes structure—where smaller "Cinderella" schools can upset powerhouses—drives huge viewership and revenue; TV and marketing rights account for roughly two-thirds of the NCAA's $1.4B income in fiscal 2024. The National Inv...

Read Complete Article HERE>»

Economic and Industry Issues

Weekly News Summary - July 30, 2020 Press Release For Immediate Release Weekly News Summary Hello NCOFCU Members, Here are some things that were in the news last week. Please share these articles with your Supervisory Committee and Board of Directors. If you missed previous editions of the weekly news, summaries of those can be viewed at our archive . Have a great week! Mike Richards, CPA The Callahan Credit Union A...

Read Complete Article HERE>»

Three Tips for Better Google Searching - NYTimes.com

Here are the three tips — basic, intermediate and advanced — from Dan Russell at Google. He studies how people use the search engine and teaches classes on how to do it better , including a free online course this month, for which registration started Tuesday. He promises these tips will make you happy, and he cares a lot about that — his official title at Google is über tech lead for search quality and user happiness.----- Three Tips for Better Google Searching - NYTimes.com

Read Complete Article HERE>»

Firefighters Community CU Casual for a Cause

The $185 million Firefighters Community Credit Union in Cleveland is one of many across the country participating in Miracle Jeans Day on Wednesday. More than 40 of the 50 or so employees at the 25,000-member credit union have paid $5 for the right to go casual that day at work, and the staff so far as raised $310 for the effort to help local Children’s Miracle Network Hospitals-------- Casual for a Cause

Read Complete Article HERE>»

5 Red Flags: When Boards Lean Too Heavily on Management

The Quiet Governance Risk Credit Unions Should Talk About By Grant Sheehan, CCUE | CCUP | CEO, NCOFCU Having spent many years both serving on a credit union board and leading as a CEO , I’ve had the opportunity to see governance from both sides of the table. That perspective has given me a deep appreciation for the delicate balance that must exist between management, leadership, and board oversight. When that balance works well, credit unions thrive. But when it slowly shifts — often unintentionally — it can create governance weaknesses that regulators and examiners increasingly watch for. In conversations with governance professionals and through years of industry experience, one theme keeps emerging: most governance problems don’t begin with bad intentions or misconduct. They begin with boards that gradually become too dependent on management. This is rarely obvious at first, but in fact, it often occurs within high-performing organizations. But slight patterns ca...

Read Complete Article HERE>»

Credit Unions Offering Unique Financial Strategies for Women

Women of all ages and walks of life are in a unique place financially in today’s day and age, fulfilling more roles than in years past including that of professional, mother, homemaker, business woman, student, etc. More is expected of modern women and yet they still tend to earn less than their male counterparts. According to the US Census Bureau, the median income of a woman with a bachelor’s degree is about 67 percent as much as that of a man with a bachelor’s degree-------- Credit Unions Offering Unique Financial Strategies for Women

Read Complete Article HERE>»

Americans are using alternative financing arrangements, such as rent-to-own

CUToday PHILADELPHIA–Many Americans are using alternative financing arrangements, such as rent-to-own, that a new report from Pew Charitable Trusts indicates are generally riskier, more costly, and subject to far weaker consumer protections and regulatory oversight than traditional mortgages. Pew Trusts sad the “evidence suggests that a shortage of small mortgages, those for less than $150,000, may be driving some home borrowers (i.e., people who purchase a home with financing) who could qualify for a mortgage into these alternative arrangements. And other factors related to a home’s habitability and the ownership of the land beneath a manufactured home—the modern version of a mobile home—can make certain homes ineligible for mortgage financing altogether.” According to Pew, the evidence of potential consumer harm, little is known about the prevalence of alternative financing in the U.S., primarily because no systematic national data collection exists. Pew said approximate...

Read Complete Article HERE>»

Stay-at-home parents getting new credit card rule - Sep. 24, 2012

Help is on the way for stay-at-home parents being denied credit cards because they don't have income of their own. The Consumer Financial Protection Bureau will propose a rule within the next few months that will make it easier for applicants without personal income to qualify for credit cards, the agency's director Richard Cordray said at a congressional hearing last week..... Read More At .. Stay-at-home parents getting new credit card rule - Sep. 24, 2012

Read Complete Article HERE>»

Do you know where your credit union stands on executive compensation and benefits?

Do you know where your credit union stands on executive compensation and benefits? : Every credit union is unique, and every CEO places a different emphasis on how they want their executive compensation and benefits package tailored, which makes an assessment of ‘market rates’ for executive benefits and compensation challenging. If you’re a board member you want to be both fair to your executives, provide a combination of compensation and benefits with the right mix of incentives to ensure alignment with your strategic goals, and also fulfill your fiduciary obligation to fellow credit union members. As an executive, you want to make sure that your compensation and benefits are competitive and fit your personal needs, and are also flexible enough to adapt as those needs change throughout your career. One great way to find out where your credit union stands relative to the market is with the NAFCU-Burns-Fazzi, Brock (BFB) Executive Compensation and Benefits Survey (free to survey pa...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog