Skip to main content

What You Can Do About Ransomware Threat

By Ray Birch

RANCHO CUCAMONGA, Calif.—In the wake of a ransomware attack that shut down 60 credit unions, cyber security experts are warning many CUs are just one compromised key supplier away from being shut down, too. It’s a growing threat they say can have numerous  downstream effects on many organizations.

No institution is immune, and the best line of defense remains educating employees on how to avoid making mistakes that place a credit union, CUSO or vendor right into the hands of criminals.

“Co-op Solutions views ransomware attacks as an industry-wide threat that will continue for the foreseeable future with two main threat areas of concern,” said Christopher Williams, deputy chief information security officer at Co-op.

Feature Ransomware

The two areas of concern, according to Williams, are Ransomware-as-a-Service (RaaS) models and cyber supply chain threats.

A Proliferating Model

“With the RaaS model, an attacker doesn’t need to develop their own ransomware capability to turn a system compromise into a ransomware attack. This model has proliferated the cybercrime world. The model can quickly incorporate new tactics, techniques and procedures (TTPs) to be used by a wide range of threat actors,” he said. “The second threat area is the cyber supply chain. Attacks against key suppliers have a ripple effect across the supplier’s client-base. Many companies are one compromised key supplier away from a business crippling service impact.”

How to Respond

wlliams

Christopher Williams

Given that growing threat, what should credit unions be doing now?

“Credit unions should continue to educate their employees on the risk of ransomware attacks and the methods used to gain initial unauthorized access,” Williams advised. “Phishing remains a top attack vector, and social engineering of the service or help desk to compromise user credentials is on the rise.”

Credit unions also need to have robust backup capability—restoring to a clean and non-infected copy of system data, Williams added.

“That can help with the recovery of a ransomware attack,” he said. “In addition, they should become active members of the local area U.S. Secret Service Electronic Crimes Task Forces (ECTF) or Financial Crimes Task Forces (FCTF), which can provide advice in preventing attacks and support during suspected or actual attacks. In addition, monitor threat intelligence type sources for indications of attacks against their organizations or their vendors and new TTPs being used by attackers.

“Finally, practice the incident response to a ransomware attack. Drilling the panic and unknowns out of the process will help increase the chance of a successful recovery if an actual attack occurs,” he said.

The Good News? CUs Not Alone

Jim Stickley, CEO of Stickley on Security, said credit unions are one of many industries being affected by ransomware.

“I am not certain that ransomware is specific (to any organization), and credit unions and fintechs are just part of the much bigger picture of the state of ransomware in general,” said Stickley, who is also CEO of Troy, Mich.-based Mahalo Technologies. “Most people have this idea that cybercriminals are targeting a specific business type. While it’s true that healthcare and education are targeted directly and we also see banks and credit unions get targeted, when it comes to more general business, such as fintechs, we have not seen that level of direct attacks. Instead, what you see is employees who fall victim to phishing attacks or malicious websites.”

‘Average’ People, Not an Average Website

Stickley said when those incidents are investigated, what’s all-to-often discovered is that it was a phishing email that had been sent to hundreds of thousands of organizations that is the culprit, often in in the guise of te malicious websites that have been promoted though malvertising to “average” people. 

stickleyJim

Jim Stickley

“In these cases it’s just the low-hanging fruit. If an employee clicks the link, opens the attachment or browses to malicious sites, they open the door to the criminals. The criminals really don’t care if that organization is fintech, credit union or other business segment,” said Stickley, adding adding he does not believe the recent attack that hit DP vendor Fedcomp and than affected 60 credit unions had any company or credit union as a specific target.

“For criminals, there is little need to put a direct focus on fintech at this time since just about every business entity has similar value and so they will continue to cast a very wide net and whoever gets caught up will be their next victim,” he said.

Advice Shared

For credit unions looking to take some practical steps to defend themselves from ransomware, TruStage is sharing some strategies.

“Responding to the immediate threat of a ransomware attack or any cyber incident in a timely manner is critical to minimize data loss, contain the threat and restore operations,” Chris Gill, TruStage senior manager, risk and compliance solutions, told CUToday.info. “This is true even when that threat originates with a credit union’s third-party service provider or partner. Security incidents that do not originate at a credit union can still have a large impact on credit unions’ operations and reputation.”

Noting the affects such attacks have on member service, Gill added, “It reminds us all of the importance of having strong controls in place to minimize exposure, and to have a comprehensive business resiliency plan that is regularly tested and updated.”

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

What Does PTSD in a Firefighter Look Like? A New Brain Scan Can Show You

Link Post-traumatic stress disorder (PTSD) is often described as one of the invisible scars that firefighters and others accumulate after years of dealing with trauma in their jobs. Now the scars are invisible no longer. A new tool—the SPECT scan—is offering a new way for firefighters and others with PTSD to visualize their injuries. SPECT stands for single photon emission computed tomography, and it creates 3-D scans of the patient’s brain that look at blood flow and brain activity, KTLA reports. Those scans can then be used to generate a treatment plan tailored to the specific patient based on the visual effects of PTSD. Retired Firefighter-Paramedic Matthew Fiorenza, a PTSD sufferer, told the station that the scans also help make the illness more tangible. “Looking at a picture of my brain, it just took the stigma out of it,” he told KTLA. “It’s like, okay, I’m not crazy.”  
Post a Comment
Read Complete Article HERE>»

The Pros and Cons of Tariffs

Since there has been so much discussion on Tariffs, I felt a post would benefit our membership. Grant Sheehan CEO NCOFCU Tariffs 1440 Business & Finance Background A tariff—a word derived from the Arabic arafa, meaning “to make known”— is a tax imposed by a government on goods that are imported or exported . Historically, tariffs have served as a primary source of revenue and a means to protect domestic industries, as they make foreign products more expensive, encouraging consumers to purchase locally produced goods. The tools have a checkered history, famously bolstering US textiles, German steel, Japanese cars, South Korean technology, and more, arguably contributing to major economic downturns like the Great Depression. Tariffs can be specific (a fixed fee per unit) or ad valorem (a percentage of the item's value). Purpose Economically, tariffs aim to protect domestic industries, generate government revenue, and influence trade policy. By imposing taxes on imported goods —wh...
Post a Comment
Read Complete Article HERE>»

Advice On Winning Over Gen Z In ’25

NEW YORK—As 2025 approaches the close of Q1, how can credit unions win over Gen Z? By tailoring credit rewards for a digital-first generation, a new report recommends. Gen Z is reshaping the workforce and redefining financial behaviors. As of 2024, this generation is poised to surpass Baby Boomers in workforce size and will make up 30% of the workforce by 2030. This rapid growth presents a major opportunity for financial institutions to tap into a younger, digitally native audience with distinct spending habits and financial needs, emphasized a GlobalData report authored by Zachary Johnson, specialist, campaign execution & strategy, financial services at VDX.tv. “Unlike previous generations, Gen Z’s economic journey has been shaped by inflation and delayed career starts due to the pandemic and skyrocketing living costs. These factors have made them highly dependent on credit, with Gen Zers being 23% more likely to own a credit card than Millennials at the same age, and carrying...
Post a Comment
Read Complete Article HERE>»

Hauptman Announces Changes to NCUA’s Overdraft/NSF Fee Collection

      Hauptman Announces Changes to NCUA’s Overdraft/NSF Fee Collection WASHINGTON, D.C. (March 3, 2025) – To help ensure credit unions can continue to support the needs of Americans struggling with inflation, the National Credit Union Administration will no longer publish overdraft and non-sufficient fund fee income for individual credit unions, Chairman Kyle S. Hauptman announced today. The NCUA will ...
Post a Comment
Read Complete Article HERE>»

Share Insurance Fund Report Highlights Asset, Income Growth in Q4 2024

      Share Insurance Fund Report Highlights Asset, Income Growth in Q4 2024 ALEXANDRIA, Va. (Feb. 27, 2025) – The National Credit Union Administration Board held its second open meeting of 2025 and received a briefing by the Chief Financial Officer on the performance of the National Credit Union Share Insurance Fund for the quarter ending on December 31, 2024. The Share Insurance Fund reported a net income of ...
Post a Comment
Read Complete Article HERE>»