Ransom Banner
Risk & Fraud

COVID-19 Impact on Ransomware – a Reemerging Credit Union Threat

By: Gene Fredriksen, Security Strategy Consultant

Ransom is nothing new, as we know from popular culture. It is often depicted as a note in crime shows or Western movies, from a kidnapper demanding payment for the safe return of a victim taken hostage. In the age of COVID-19, ransomware is one of the biggest data security threats that companies face. When cybercriminals target businesses for ransom, their key to success is snatching something so valuable that the company is unable to operate without it. For credit unions, this is often vital member information.

Cybercriminals use ransomware to employ computer system attacks so sophisticated that they can infect a company’s infrastructure and cause business to freeze. Ransomware is an insidious type of malware that encrypts data, making it indecipherable. The most prevalent attack is tricking an employee into clicking on a link or attachment in an email that allows the malware to enter the company network. This sets up the cybercriminal to demand a “ransom” – typically in bitcoin or another untraceable payment method – in exchange for unscrambling the encrypted data.

Ransomware is on the rise (again) and a growing credit union threat. Why now? While the switch to remote working due to the COVID-19 pandemic has enabled credit unions to remain productive, the use of alternate system connection methods has introduced risks that did not exist within the office environment. The most prominent are security vulnerabilities in remote desktop tools and protocols. These tools, by nature, use an open source for remote access, making them more vulnerable to cyberattacks. When computers are not controlled in the office, it can increase the possibility of missed upgrades, insecure wireless networks and weak user passwords.

We may want to believe that ransomware is unlikely to target our credit unions, but I am personally aware of multiple instances. At a global level, Skybox Security’s 2020 Vulnerability and Threat Trends Report finds that ransomware has thrived in the first half of the year, with a 72% increase in new samples of the file-encrypting malware.

Email itself has become more vulnerable. Not because of current technology, but because in a world where so many have transitioned to working remotely, users may be more likely to trust unfamiliar emails in their company inbox.

Ransomware is always evolving and has become more virulent. Computer viruses continue to morph as the criminals behind them constantly work to increase their destructiveness and profitability. Initially, criminals were just interested in making money by ransoming the data. More recently, they have started to make a copy of the member information before they encrypt the data and send the ransom note. This enables the criminals to sell the data on the dark web, making a profit on the sale as well as from any ransom the company pays. When dealing with criminals, always expect the worst.

Protecting Your Credit Union from Ransomware Attacks

As recent data shows, businesses of all kinds are at risk of ransomware attacks at any given time. Here are some key best practices to help protect your credit union from these cyberthreats:

  • Keep educating your employees. Many workers have unexpectedly shifted to an unfamiliar remote working environment without adequate training. Employee training about remote security topics including computer system updates, effective passwords and email vulnerabilities can actively prevent ransomware from infiltrating your company network.
  • Regularly monitor your credit union’s business devices, digital files and web browsing activity.
  • Verify your credit union’s operating system security configuration and patching of network devices, and ensure your antivirus solutions are up to date.
  • Make sure your credit union has a comprehensive plan for addressing and resolving ransomware attacks if they should occur.

We are facing a technically proficient, well-funded and aggressive foe in ransomware criminals, who have the means to cause severe financial harm to credit unions and members. Staying vigilant and prepared to prevent and manage these increasing threats will pay dividends in the future.

Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.

Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.