“They had my photos and credit card information and my credit union information,” Ulrich said. “I can't believe I had to pay $1,200 to get my information back. But I did it. What choice did I have?”

Cybercriminal gangs attacking financial institutions will be upping the ante in 2016. Researchers at Dell SecureWorks Counter Threat Unit (CTU) expect that attacks will occur in more countries and the criminals will expand their efforts to compromising mobile devices and spreading ransomware.

Michael Foley, a senior McAfee security researcher, predicted that attacks will expand this year beyond the 1,500 financial institutions in 100 countries that were hit in 2015 and despite the progress that was made against a few criminal organizations last year. In 2014, about 1,350 banks in 35 countries were victimized, he said.

“Going forward, not only will major corporations continue to be in their sights, but small and medium-size banks and credit unions that do not have the resources to properly defend themselves will become favored targets,” Foley said. “The gangs are definitely not giving up. This is their business and they are expanding their horizons.”

But there's more bad news: a new kind of Android malware steals online banking credentials and can hold a device's files hostage in exchange for a ransom. The malware, called Xbot, is not widespread yet and appears to be targeting devices only in Australia and Russia, researchers with Palo Alto Networks wrote recently in a blog post. But they believe the mastermind behind Xbot may try to expand its target base.

“As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it's likely that its ability to infect users and remain hidden will only grow,” the Palo Alto researchers wrote.

Xbot uses a technique called activity hijacking to carry out attacks aimed at stealing online banking and personal details. When someone tries to launch an application, the malware launches a different action. Users are unaware that they're actually using the wrong program or function.

“So far we've found seven different faked interfaces,” Palo Alto researchers wrote. “We identified six of them — they're imitating apps for some of the most popular banks in Australia. The interfaces are very similar to these banks' official apps' login interfaces. If a victim fills out the form, the bank account number, password, and security tokens will be sent” to the command-and-control server.

The Palo Alto blog also reported that banks in the United States and the U.K. were the top targets of banking Trojans in general in 2015, with U.S. banks targeted 471 times, while U.K. banks suffered 309 attacks.

In addition to the ransom, which can range from $200 to $10,000, victims may face costs for network mitigation, network countermeasures, loss of productivity, legal fees, IT services and the purchase of credit monitoring services for employees or customers.

Backing up the contents of computers may be one of the best ways to protect against the growing threat of ransomware, and while most credit unions perform backups, their members probably do not. For the safety of the credit union and the members, McAfee's Foley recommends that credit unions take the initiative to warn their members and educate them with these tips.

Perform regular maintenance and updates on computers and handheld devices. Back up files on an external hard drive as well as on the cloud. Beware of what you're opening and clicking on when you are on the web. Install antivirus software and a firewall from a reputable company. Use automatic updates to help ensure you business's antivirus software and firewall are protecting you against the most current threats. Enable pop-up blockers on your web browser to help avoid accidental clicks on pop-ups, which are used routinely by criminals to spread malicious software. Educate employees about the risks and train them to be suspicious of unsolicited emails and to avoid clicking on links or attachments in emails.

“I wish I had backed up my photos because I didn't get those back,” Ulrich said. “I never thought a regular person like me would get hit by something like this. It's like a science fiction novel.”