Ransomware is malicious software, or malware, that blocks access to your computer system and essentially holds your data for ransom. If your credit union's computers fall victim to ransomware, you'll be asked to make an anonymous ransom payment, typically in the form of bitcoins, to an equally anonymous hacker in exchange for removing the ransomware.

There are three levels of ransomware. The least dangerous is called "scareware." In this scenario, fake antivirus software "identifies" a nonexistent virus on your computer and demands that you pay real money for a solution. The typical IT department can easily deal with this type of ransomware.

Ransomware that locks your screen or browser is considered a medium threat. In one popular attack variation, your screen will display a message – allegedly from a government agency like the Department of Justice or the FBI. The message will claim that illegal activity was conducted on your computer and demand the immediate payment of some fine.

Believe it or not, some people actually fall for this.

The most dangerous type of ransomware by far is that which encrypts your system files, rendering them inaccessible and useless. At this point, the hacker can just sit back and wait. Until you pay the ransom, you won't have file access. The hacker doesn't care if you pay in an hour, a day, a week – or ever.

If your credit union becomes a victim of this last type of ransomware, the big question becomes, "Should you pay the ransom?" Opinions vary. The general consensus among law enforcement officials is that you should just pay the ransom, get your data back, beef up security and move on.

But cybersecurity experts suggest just the opposite: They argue that paying the ransom doesn't guarantee you'll get your data back. Late last month, for example, it was reported that Kansas Heart Hospital in Wichita, Kan., fell victim to ransomware. The hospital paid the ransom, but instead of receiving the encryption key from the hackers, it received a new request — for even more money.

That leads to cybersecurity experts' second concern about ransom: Just one payment to one hacker places a target on a credit union's back, garnering attention from like-minded hackers seeking a similar payoff.

Of course, your goal should be to avoid these attacks entirely. The first step is to reduce your vulnerabilities. Common ones include:

  • Your credit union uses legacy software.
  • You haven't updated employees' browsers and other software.
  • Your hardware is out of date.
  • You only have a backup plan for your core data – as opposed to all of your critical data.
  • You haven't provided adequate cybersecurity training to your employees.

Like virtually all malware attacks, ransomware attacks are entirely preventable if you and your employees adhere to cybersecurity best practices.
