'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

A Perfect Example - What Makes Credit Unions Different from Banks!

When the government shutdown hit in October and paychecks stopped, thousands of federal employees were left wondering how to make ends meet. Credit unions across the country stepped up—but Keesler Federal Credit Union went above and beyond. No loans, no hassle—just your paycheck Instead of making members apply for emergency loans, Keesler Federal launched its Paycheck Relief Program. Revolutionary in its simplicity, it worked like this: if you were a federal employee with direct deposit at Keesler Federal, your paycheck kept coming—interest-free, fee-free, and stress-free. Each qualified member could receive up to $6,000 per pay period for as long as 90 days. No hoops, no headaches. From October 1 until the shutdown ended, Keesler Federal advanced more than 5,000 paychecks totaling $6.5 million to 1,710 members. For non-members, they even offered zero-interest loans up to $6,500 with a year to pay it back. This proactive approach meant that before the first missed paycheck, Keesler Fed...

Read Complete Article HERE>»

Sunday Reading - What's the point of a consumer electronics show?

What's the point of a consumer electronics show? Consumer electronics shows are large convention-type events where companies debut new technologies and products. The largest and most notable shows are CES in Las Vegas, a trade show every January, and IFA Berlin, which takes place annually in September. The events have historically introduced novel, cutting-edge products that later became household standards, like HDTVs, VCRs, DVDs, and gaming consoles ( see list ). Over time, these shows evolved from product showcases ( see last year's coolest gadgets ) into complex industry ecosystems, serving as a meeting ground for startups, multinational technology companies, investors, and the media. Hardware launches, keynote speeches, and...

Read Complete Article HERE>»

Eight Credit Unions Pay $42 Million in Special Dividends to 1.1 Million Members

By Jim DuPlessis | January 05, 2026 at 04:00 PM So far this season, CU Times has tallied 19 credit unions, which have announced $160.3 million in special dividends for members. Eight more credit unions have reported special dividends, paying their 1.1 million members $42.1 million in December and January. The bulk of the dividends came from Police and Fire Federal Credit Union of Philadelphia and Eastman Credit Union of Kingsport, Tenn., which each announced $16 million in rewards approved by their boards. The late January payout from Eastman ($9.7 billion, 356,492 members) will bring its total special dividends to $225 million since 1998. A news release from the credit union said “the Extraordinary Dividend is never guaranteed, but the strong financial performance of ECU in 2025 enabled the Board of Directors to approve this year’s $16 million payout.” Eastman’s $16 million payout represents about $47 per member and 19 basis points of its averag...

Read Complete Article HERE>»

New Year’s Resolution: Getting Your Estate in Order

Helping families and their businesses plan for the future Your Most Important New Year’s Resolution: Getting Your Estate in Order Happy New Year to all. Every January, millions of Americans resolve to lose weight, exercise more, or learn a new skill. These are admirable goals. But there’s one resolution that matters more than all of them combined—one that most people avoid because it forces them to confront their own mortality. Get your estate in order. Not next year. Not when you retire. Now. The Problem With Tomorrow Here’s what I see constantly...

Read Complete Article HERE>»

Syracuse Fire Department Credit Union

Congrats, Tonia, on your promotion! ================================================= Remember, you're not alone with NCOFCU.org Join/Upgrade Check out some of NCOFCU's additional features: First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Blog Job Board

Read Complete Article HERE>»

Sunday Reaing - Can the seasons really make you depressed?

Can the seasons really make you depressed? Seasonal affective disorder is a form of depression that repeats during predictable seasonal shifts, impacting an estimated 5% of the global population—predominantly women. Symptoms of the condition occur with significant cyclical changes in daylight hours, with prevalence increasing in regions north of 40 degrees latitude (less commonly in the Southern Hemisphere). Its etiology—or root cause—remains unclear to researchers. Though “winter blues” are commonly reported, SAD is a distinct, diagnosed subtype of major depressive disorder first formally described in 1984 ( see criteria ). Key symptoms—lasting roughly four months each year—resemble common depression: fatigue, increased sleep, carbohydrate cravi...

Read Complete Article HERE>»

What Could Tokenized Deposits Mean for CUs?

WASHINGTON—Noting that the FDIC has expressed support for tokenized deposits as insured bank liabilities, not experimental digital assets, a new analysis offers some insights into what that could mean for financial institutions, credit unions and the market in 2026 and beyond. As PYMNTS Intelligence pointed out in its report, regulatory clarity reduces risk for banks moving from pilots to live deployments, and large banks and infrastructure providers are already testing real-world tokenized deposit use cases. “At its simplest, tokenization converts an existing claim into a digital representation on a distributed ledger,” the report explained. “The underlying asset does not change, but the infrastructure that tracks ownership and settlement does. In banking, that distinction is critical. Tokenized deposits do not create new money. They represent traditional bank deposits, issued and redeemed by regulated institutions but designed to operate on modern, programma...

Read Complete Article HERE>»

Are Credit Unions Serving First Responders Ready for the Coronavirus?

As the coronavirus outbreak continues to grow are credit unions serving first responders ready? Credit unions serving first responders will be a primary point of contact as first responders come off duty and into the credit union. ARLINGTON, Va.—How effective are credit union plans for addressing pandemics and business continuity? It’s a question credit unions need to be asking right now as the coronavirus outbreak continues to grow. Death tolls this week topped 1,100, with a record 100 officially reported as getting sick in a day. The coronavirus has already surpassed SARS (severe acute respiratory syndrome) in number of affected and killed. Experts told CUToday.info the growth of the coronavirus that CUs should be reviewing their pandemic and business continuity plans, which likely have not been visited since the SARS outbreak in 2002. “I think it's too early to tell what kind of impact the coronavirus may have here in the U.S.,” said NAFCU Vice ...

Read Complete Article HERE>»

Fed Raises Rates to Highest Point Since 2001; Here's What CU Economists Are Saying

WASHINGTON—Emphasizing it remains “highly attentive to inflation risks,” the Federal Resoerve has moved to hike interest rates by 25 basis points, setting the target range for federal funds at 5.25 to 5.5%--their highest level since 2001. The Federal Open Market Committee made the announcement Wednesday at the close of its July two-day meeting here, and suggested it may not yet be done with rate increases. “Recent indicators suggest that economic activity has been expanding at a moderate pace. Job gains have been robust in recent months, and the unemployment rate has remained low. Inflation remains elevated,” the Fed stated in a release. Tighter Conditions “Tighter credit conditions for households and businesses are likely to weigh on economic...

Read Complete Article HERE>»

Strategies for Rebuilding Consumer Loans Post-Covid

Here are strategies recommended by Kremer and D’Acierno for making the comeback: 1. Meet credit-ready consumers where they are looking for credit. Traditional outbound marketing, even in digital forms, depends on grabbing the right eyeballs at a time when the consumer is actually seeking credit. That’s a tough challenge, according to Kremer. He suggests that financial comparison sites, such as Bankrate.com, The Ascent and NerdWallet, present a better opportunity for exposure. Today’s consumers, should they not have an offer of financing directly with their prospective purchase, are not going to wait to stumble across a web banner promoting loans, suggests Kremer. Proactively, they go hunting the best credit deals, he says, and the comparison sites are the first stop. 2. Seek opportunities where people are seeking new credit. Even as the “new normal” continues to unfold, a key opportunity for lenders is the home improvement market, which began during the pandemic, a...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog