ALEXANDRIA, Va. (May 22, 2017) – In the wake of the “WannaCry” global ransomware attack, the National Credit Union Administration reminds federally insured credit unions to verify they have effective controls in place to prevent similar attacks.
NCUA provides credit unions with extensive information on protecting systems, cybersecurity preparedness, and ransomware defense strategies at its Cybersecurity Resource Center.
The WannaCry attack hit more than 300,000 victims in more than 150 nations, disrupting critical infrastructure, like healthcare, in some countries. This attack paired malware designed to exploit known Windows vulnerabilities with ransomware to infiltrate and encrypt data on affected systems. Systems using supported versions of Windows with up-to-date security patches were not affected. Affected organizations with robust incident response and system backup practices were capable of recovering with limited impact. Strong basic cyber hygiene practices can prevent infection by most types of ransomware.
This attack was designed to spread to new machines and systems and did not require a user to perform an action like opening an email attachment in order to spread the ransomware. Although the attack has so far had limited impact in the United States, NCUA expects to see similar and increasingly sophisticated attacks of this nature. That is why it is essential that federally insured credit unions validate their cyber defenses, especially those practices that can prevent attacks like WannaCry from affecting their systems in the future.