6 Tips for Fighting Ransomware Attacks
Protect your operations and member data from those looking to make a quick buck by crippling your network until you pay up.
Ransomware attacks surged in 2021, with financial institutions being a major target. So it is no longer a question of whether your credit union will be targeted, but how you will respond when it happens.
With that in mind, it pays to take a good hard look at what you are doing to protect your operations and member data from those who are looking to make a quick buck by crippling your network until you pay up.
Cybersecurity has always been a concern, but never have we seen a threat landscape like the one we face today. Ransomware, now the dominant form of intrusion, is a game of extortion. The hacker locks the organization out of, or encrypts, data that is essential to it until it pays a steep ransom.
For a credit union, the target could be any system that holds data that affects member service or risks public exposure. When you are taken hostage, you either pay to regain access to your data, or risk destruction or public exposure of your data.
But you don’t have to be a helpless victim. There are actions you can take in advance of and during a potential ransomware attack to protect yourself. Here are six such actions:
1. The first and most critical aspect of protection is to have an incident response plan in place and know what it says. As your guide once an attack begins, it should spell out all aspects of your response, from immediate actions to communicating with everyone involved to looping in your cyber insurance provider and law enforcement.
There are numerous ways to prepare a plan, from detailed commercially available templates to a basic, do-it-yourself exercise – starting with materials from the NCUA or others – in which you consider all the aspects of your response. Most importantly, once that plan is in place, you and your teams have to know what is in it.
2. Test your plan. Conduct at least one tabletop exercise a year, not only at the leadership level but within various teams throughout the credit union. Yes, it is time-consuming, but it is also essential. Such an exercise is led by a third party – sometimes by your cyber insurance provider – and is designed as more of a mental challenge.
The next level – particularly for credit unions with strong response plans and procedures – is a simulated attack led by a third party. This has the feel of a real ransomware attack and gives you and your team combat experience.
3. Communication is vital in an incident response plan. Most of us rely on email or instant messaging, but if your network infrastructure is compromised or quarantined, how do you communicate throughout the credit union or with members? An exercise or attack simulation helps you clarify this.
It is critical to know how to reach everyone in the credit union by alternate means, whether that involves access to everyone’s mobile numbers or commercially available backup communication systems. It is just as critical that every role defined in the plan have a designated primary individual and a backup.
4. In addition to planning a response, you can also work on prevention. Because the primary avenue for a ransomware attack is email, be sure to train all your employees to be wary of phishing emails – those with links or other contents that could allow ransomware into your network. This involves ongoing, consistent training and cybersecurity awareness.
But hackers are also finding other ways into the network, through internet-connected third-party devices – security cameras, HVAC systems, sprinkler systems, etc. Such systems often aren’t kept as current with software patches as they should be, and they become points of attack. Isolating those systems and keeping them off your primary network adds protection.
5. Obsessively back up your data. If you have backups of your data available from just before the attack began, you may be able to restore your systems with those backups. Also, innovations in backup technologies do provide protection from ransomware, so these solutions are definitely worth exploring.
6. Last but certainly not least: Patch, patch, patch! Accurately inventory your network. Know what your assets are, where they are, and design a plan to patch them regularly. Part of cyber insurance is knowing what is covered, what isn’t and the financial details. A retainer agreement with your cyber insurance provider, by the way, offers you priority when you contact them in the event of an attack.
Sadly, ransomware is becoming “normal,” analogous to people catching the flu in the winter. If you think of your network in such human health terms, your goal is to proactively maintain good network health and fitness. But when sickness strikes, you need to know what to do and where to turn.
Kayvee Kondapalli, SVP and Chief Information Officer, Greater Texas | Aggieland CU, Austin, Texas