In early February 2019, the Credit Union National Association's (CUNA) website was knocked offline due to a ransomware attack. CUNA made a quick recovery. By February 4th, its site had been fully restored. Details about the exact ransomware software used and how CUNA made such a fast recovery are still unknown.
Good backups and the ability to quickly restore them have been the savior of many ransomware victims. Ransomware attackers know some victims will have the ability to restore their systems and are now exploiting them in other ways. By stealing sensitive data from a victim's system and threatening to dump it onto a public website, attackers are yet again gaining the upper hand against victims. A lot of victims can't afford to have their company's reputation tarnished. The only way out of this scenario is to pay up.
Cyber insurance has also played right into the ransomware attacker's playback. Attackers know that cyber insurance is an easy way for companies to payout.
The solution for credit unions and banks is in user preparedness and awareness. Ransomware attackers must get into a system and that is usually through poor user security practices — clicking a disguised link in an email, opening file attachments from unknown senders, or installing fake software on their machines. All of these gateways provide attackers with just enough access to exploit most any system. Those companies with the most stringent user training and highest security protocols will remain the ones that have little chance of becoming a victim.
Of course, we can't leave out backups and protection of user data. Good backups are the key to preventing a system disaster. Protecting user data means avoiding having any sensitive information unencrypted or even available anywhere on your system. The use of tokens has become commonplace as a means for authorization. Such tactics ensure specific data is never made available to attackers.