'Anatomy' Of A Ransomware Attack

By Ray Birch

BALTIMORE—Credit unions should brace for almost a month of major problems if they’re victimized by a ransomware attack, according to one cybersecurity expert, whose insights into the “anatomy” of a ransomware attack are coming at the same time nearly 60 CUs are currently trying to restore their own operations.

As those credit unions have come to learn, it takes on average 22 days to get through a ransomware attack and get to the other side, that same expert stated.

That information and additional insights were shared during a webinar hosted by cybersecurity firm Think/Stack, which that was held to provide CUs with insights and answers regarding ransomware in light of the recent attack that that continues to affect those five-dozen CUs hit by an attack on a common vendor.

“We're all being targeted, and this (recent attack) could have happened to anybody,” said Cal Bowman, Think/Stack VP of client innovation and strategy, referring to an attack on the CUSO Ongoing Operations that in turn affected the data processor Fedcomp. “So, it's really important we all recognize that every one of you here has vendors, has partners that are vulnerable. Therefore, the question is, are you ready to respond to any type of large-scale event that really can cripple your organization?”

What’s Been Learned

Bowman said a goal of the webinar, which was attended by more than 300 credit unions, was to walk through what happens during a ransomware attack and share what his company has learned supporting CUs that have been victimized by such attacks.

Think/Stack VP of Security and Risk Jennifer Anthony said when a ransomware attack occurs in an organization it frequently creates the “fog of war.”

“What you will see in a generalized ransomware attack is the tactical and technical pieces that begin to happen over the first couple days,” Anthony explained.

But at the same time a credit union is seeking to find a tactical path through that fog, the emotional side of the battle must be given attention, as employees struggle to get the CU operating again, Anthony said.

“There is confusion and concern,” she said. “Maybe someone can't get on to a system they previously could access. Maybe there's a service that's not working and folks are starting to feel confused about what's going on. All this is happening as your technical teams in the background are beginning to quickly investigate the source of the problem.”

Anthony emphasized a credit union involved in a ransomware attack should be prepared to spend at least three weeks dealing with it.

The Internal Threat

As CUToday.info has reported and as credit unions are frequently warned, ransomware attacks often occur due to an employee opening the door by falling for a phishing scam or downloading a file they believe to be safe.

“This is a function of human performance,” she noted. “We all begin to look for who's at fault, who did something they were not supposed to do that caused this. What we tell organizations is that when you get caught in that space, you should not spend a lot of time trying to figure out who to point the finger at, (but instead spend) time trying to figure out how to get out of the situation.”

Not surprisingly, Anthony described the working environment following an attack as “chaotic.”

‘Everyone’s Scared’

“Everyone's scared. We're not sure what's going on and maybe we have members who are really angry. Maybe we have board members that are really angry, or leaders that are really angry,” she said. “The goal at this point is to figure out how to get past it. We'll figure out who's to blame or what's to blame, or how we can prevent it in the future at a later point.”

It's an issue credit unions should take seriously, according to Anthony, who said there is a growing ransomware threat to the not-for-profit co-ops.

“In the last seven months we worked with six credit unions who individually found themselves in this space,” she said. “This is something that's happening on a regular basis, across all industries.”

Anthony reminded that as the credit union moves through a ransomware incident many employees will be feelin remorse and concern over fellow workers in IT who are working feverishly to restore operations.

“They feel like they are at fault for what is going on, and that is a very difficult place to be,” she said. “The technical teams are trying to figure out how to remediate the situation. I've been in organizations where technical teams are working nonstop, around the clock, for days and days. The credit union then is trying to figure out how do we feed people? How are we going to send people home to sleep so they can come back and be effective—because you are in this fight for a long time and there is a lot of pressure on everyone.”

Like Being in a Battle

Anthony likened the experience to those who fight in a war.

“I spent 20 years in the in the United States military, and this is a roller coaster akin to what a service member might experience in their daily lives—and this can be traumatic,” she said.

She urged credit unions to consider where they are vulnerable.

“We know 93% of ransomware attacks are in Windows-based environment,” she said. “If we listed them in order of frequency of occurrence, how they occur, here's what they would be: Number one is e-mail phishing campaigns. Number two would be (remote desktop protocol or RDP) vulnerabilities. And number three would be software vulnerabilities.”

The Long-Term Affects

While those 22 days are the typical time from attack to restoration of service, Anthony said the repercussions are felt for many months afterward.

“With the recovery efforts and return to operation, the average time for an organization to move through that is about nine months,” she said. “The attack is not the only thing organizations have to grapple with; there are follow-on impacts that are significant. If you're an organization that has about 500 employees, your average recovery cost is going to be about $3.1 million. If an attacker is successful in extracting information from your environment, you'll have to deal with the impacts of that.”

Steps to Take

What steps should credit unions take today to prevent an attack? CUToday.info will share those in a follow-up report.

Comments

Federal Reserve Board announces pricing, effective January 1, 2026

December 04, 2025 Federal Reserve Board announces pricing, effective January 1, 2026, for payment services the Federal Reserve Banks provide to banks and credit unions For release at 5:00 p.m. EST Share The Federal Reserve Board on Thursday announced pricing, effective January 1, 2026, for payment services the Federal Reserve Banks provide to banks and credit unions, such as the clearing of checks, automated clearing house (ACH) transactions, instant payments, and wholesale payment and settlement services. By law, the Federal Reserve must establish fees to recover the costs, including imputed costs, of providing payment services over the long run. The Federal Reserve expects to recover 108 percent of actual and imputed expenses in 2026, including the return on equity that would have been earned if a private-sector firm provided the services. Overall, price changes for 2026 will result in an estimated 0.9 percent average price increase for established, mature services. The entire ...

Read Complete Article HERE>»

Credit Union Profits Climb 21% As Margins Widen, NCUA Reports

If you don't read anything else, read this: Performance By Asset Category WASHINGTON—Federally insured credit unions posted a sharp rebound in profitability through the third quarter of 2025, with net income up 21% year over year to an annualized $19.1 billion, according to new NCUA data. The increase—one of the strongest gains across the agency’s quarterly metrics—came as institutions benefited from rising interest income, wider net interest margins, and relatively stable credit costs. The NCUA reported that Q3 data show interest income climbed 7.6% over the period while the systemwide net interest margin expanded nearly 13%, helping credit unions absorb higher operating expenses and modest increases in loan-loss provisioning. The earnings surge outpaced the credit union system’s 3.7% asset growth and came amid a mixed lending environment in which residential mortgage balances rose sharply, but auto lending weakened. The industry’s aggregate net worth ratio also im...

Read Complete Article HERE>»

Sunday Reading - What happened at Pearl Harbor?

What happened at Pearl Harbor? On Dec. 7, 1941, Japan launched a surprise attack on the American naval base at Pearl Harbor, Hawaii ( watch visualization ). The strike marked the culmination of a decade of rising tensions as Japan expanded its empire across East Asia and the Pacific. With its industrial capacity unable to match the United States in a long-term war, Japanese leaders opted for a preemptive blow designed to cripple American naval power. The attack—which permanently sank three American ships, damaged 15 more, and killed 2,403 Americans—was a tactical success but a strategic failure. Japanese forces did not hit the base’s oil reserves, submarine facilities, or repair yards, all of which proved crucial in the months that followed. The US Navy ultimately refloated all but three damaged ships, returning many to combat . Pearl Harbor was the deadliest attack on US ...

Read Complete Article HERE>»

Housing Forecast 2026: Mortgage Rates Remain Above 6%, but Affordability Improves Modestly

Mortgage rates will continue to average above 6% next year, but affordability will improve modestly as the typical monthly payment falls below 30% of a household's income for the first time since 2022, the Realtor.com® economic research team predicts in its 2026 housing forecast . The forecast predicts mortgage rates will average 6.3% across 2026, a slight improvement from the 6.6% full-year average expected for 2025, but still well above the 4% historic average recorded from 2013 to 2019. Nationally, home prices will continue to grow 2.2% through the end of next year, after rising by 2% in 2025, the forecast indicates. However, incomes and overall inflation are expected to continue rising faster than growth in home prices, delivering a slight boost to affordability. Read the complete story and review graphs; HERE _______________________________________ Join/Upgrade Check out some of NCOFCU's additional features: First ...

Read Complete Article HERE>»

New Podcast Series -3 Succession Planning Podcasts

https://www.ncofcu.org/podcast Join/Upgrade Check out some of NCOFCU's additional features: First Responder Credit Union Academy Financial Literacy Podcasts YouTube Mini's Blog Job Board

Read Complete Article HERE>»

Fed’s Powell: Strong hiring could force further rate hikes

By CHRISTOPHER RUGABER WASHINGTON (AP) — Federal Reserve Chair Jerome Powell said Tuesday that if the U.S. job market further strengthens in the coming months or inflation readings accelerate, the Fed might have to raise its benchmark interest rate higher than it now projects. Powell’s remarks followed the government’s blockbuster report last week that employers added 517,000 jobs in January , nearly double December’s gain. The unemployment rate fell to its lowest level in 53 years, 3.4%. “The reality is if we continue to get strong labor market reports or higher inflation reports, it might be the case that we have to raise rates more” than is now expected, Powell said in remarks to the Economic Club of Washington. Though price pressures are easing and Powell said he envisions a “significant” decline in inflation this year, he cautioned that so far the central bank is seeing only “the very early stages of disinflation. It has a long way to go.” Even as the Fed has raised r...

Read Complete Article HERE>»

New Jobs Report Released; Here's What CU Economists Say

WASHINGTON–The newest jobs report data indicate the labor market is moving away from a state of “imbalance,” but there remains “work to be done,” according to credit union economists. Data released today by the Labor Department show U.S. employers added 236,000 workers in March, with the unemployment rate falling to 3.5%. The data indicate the labor market remains solid even after a year of aggressive rate increases by the Federal Reserve as it has sought to tamp down inflation. Employers added jobs last month in leisure and hospitality, government, professional and business services and healthcare. Fewer jobs were seen construction, manufacturing and retail, the Labor Department said. ...

Read Complete Article HERE>»

Loan Growth Part 3

MADISON, Wis.–Credit union loan balances rose 1.1% in February, faster than the 0.2% reported in February 2021, even as membership growth slowed significantly during the first two months of 2022, according to data released as part of CUNA Mutual’s April Trends Report. The Report, which is based on data through February, showed overall loan growth was 9.6% during the last 12 months. What is actually happening below the surface? According to the Trends Report, consistent with the trend line the analysis shows large credit unions reported significantly faster loan growth in 2021 as compared to smaller credit unions. Credit unions with assets greater than $1 billion reported loan growth of 8.4% compared to credit unions with assets less than $20 million, reporting loan growth of 0.9%. Here's a look at how credit unions performed by category, according to the newest Trends Report” ...

Read Complete Article HERE>»

Not Your Mother’s Credit Union

“Stablecoins aren’t a speculative play. They’re the next evolution of payments — and a chance for credit unions to lead, not lag. It starts with connecting members to DLT rails - the digital wallet. Without that, nothing else can happen. It’s just a new payment rail - embrace it or lose the relationship. It’s that simple.” While ‘ stablecoins ’ were the prevailing buzzword across Money20/20 this year, the credit union industry had a significant presence. Small financial institutions have staked a place in the future of payments. Credit unions received a significant boost this summer with the enactment of the stablecoin bill into law. The Guiding and Establishing National Innovation for U.S. Stablecoins Act authorizes subsidiaries of federally insured credit unions, such as credit union service organizations, to become issuers. Not Your Mother’s Credit Union A Money20/20 fireside chat with the regulator for credit unions that I moderated focused on the rulemaking task a...

Read Complete Article HERE>»

Two Members of FOMC Indicate December Rate Cut Not a Sure Thing

WASHINGTON–Two members of the Fed’s Open Market Committee have indicated they are in no hurry to further cut rates, despite market expectations. “I’m not decided going into the December meeting” and “my threshold for cutting is a little bit higher than it was at the last two meetings,” Federal Reserve Bank of Chicago President Austan Goolsbee said in a Yahoo Finance interview. “I am nervous about the inflation side of the ledger, where you’ve seen inflation above the target for four and a half years, and it’s trending the wrong way.” Goolsbee was interviewed after last week’s Federal Open Market Committee meeting that saw policymakers cut their interest rate target by a quarter percentage point, to between 3.75% and 4%, as officials sought to offset rising risks to the job market while still keeping interest rates in a position where they’ll help lower inflation pressures, noted Yahoo Finance. As the report also noted, Fed Chair Jerome Powell cautioned last week that “a further r...

Read Complete Article HERE>»

First-responder Credit Union Newsroom

Search This Blog