White House Urges Businesses to Protect Against the Threat of Ransomware

A recent White House memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, highlights the critical role that private sector businesses can play in protecting themselves against the threat of ransomware attacks.

The number and size of ransomware incidents has increased significantly in recent times. Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany, and France, to pipelines in the United States and banks in the U.K. The threats are serious, and they are rising fast.

Business executives should convene their leadership teams to discuss ransomware threats, examine security posture, and review business continuity plans to ensure they have the ability to continue or quickly restore operations in the event of an attack.

The memo provides the U.S. Government’s recommended best practices, which can assist credit unions and drive down their risks:

  1. Implement the five best practices from the President’s Executive Order. President Biden’s Improving the Nation’s Cybersecurity Executive Order is being implemented with speed and urgency across the Federal Government. We’re leading by example because these five best practices are high impact: multifactor authentication (because passwords alone are routinely compromised), endpoint detection and response (to hunt for malicious activity on a network and block it), encryption (so if data is stolen, it is unusable), and a skilled, empowered security team (to patch rapidly, and share and incorporate threat information in your defenses). These practices will significantly reduce the risk of a successful cyberattack.
  2. Backup your data, system images, and configurations, regularly test them, and keep the backups offline. Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
  3. Update and patch systems promptly. This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
  4. Test your incident response plan. There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
  5. Check your security team’s work. Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
  6. Segment your networks. There’s been a recent shift in ransomware attacks — from stealing data to disrupting operations. It’s critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety critical functions can be maintained during a cyber incident.

Credit unions may also wish to look over some additional resources:

Question of the Week

Q. How do I know if someone passed counterfeit money to the credit union? What should we do once we know it’s counterfeit?

A. The proper credit union procedure is to use the counterfeit pen on all large bills (50s and 100s). The practice will assure the credit union and its members that we are not passing along counterfeit bills. It may be necessary to mark additional bills with the pen due to the operation of counterfeit rings and other circumstances. However, it also helps to be familiar with the look and feel of each bill to also help in identifying a counterfeit note. “Know Your Money” and the “U.S. Currency Education Program” provide training on the characteristics of legitimate currency.

If the credit union receives a counterfeit, here’s what you should do:

  1. Do not return it to the passer.
  2. If you feel it is an intentional act on their behalf delay the passer, if possible.
  3. Observe the passer’s description, as well as that of any companions to aid law enforcement. If possible, obtain the license numbers on any vehicle used.
  4. Notify your supervisor, who will in turn contact the local police department or the U.S. Secret Service field office.
  5. Write your initials and the date in the white border areas of the suspect note along with the initials of the person surrendering the bill(s).
  6. Limit the handling of the note. Carefully place it in a protective covering, such as an envelope.
  7. Surrender the note or coin to your supervisor for proper reporting. The designated person will report the counterfeit note or coin using The Secret Service’s website “USDollars” or complete the necessary Counterfeit Note Report, From SSF1604 and forward it to the local U.S. Secret Service Field Office:
    1. Idaho: 550 West Fort Street, #730, Boise, ID 83724
    2. Oregon: 805 SW Broadway, Suite 520, Portland, OR 97205
    3. Washington: 2101 Fourth Avenue, Suite 1600, Seattle, WA 98121 or 528 E Spokane Falls Blvd, #600, Spokane, WA 99202
  8. The member should be given a manual receipt for the transaction. If the suspected bill is deemed authentic, the member will be credited for the amount.

Related Links

USDollars website
Know Your Money
U.S. Currency Education Program
Counterfeit Note Report (manual form)

 Compliance Alerts

National Credit Union Administration

CFPB Interpretive Rule Clarifying the Equal Credit Opportunity Act: The NCUA issued Regulatory Alert 21-RA-07 to remind credit unions that the CFPB issue an interpretive rule which clarifies that the prohibition against sex discrimination I the Equal Credit Opportunity Act encompasses discrimination based on sexual orientation or gender identity.

Renewal of Prompt Corrective Action Relief: The NCUA issued Letter to Credit Unions 21-CU-04 which provides update on the renewal of the temporary modification and relief of the NCUA’s prompt corrective action regulation. The measure provides relief in two ways. (1) Adequately capitalized credit unions that are unable to meet the earnings-retention requirement will not have to submit written applications requesting approval to decrease the amount of earnings-retention required. (2) Credit unions that experience a decline in net worth due predominantly to temporary share growth may submit a streamlined Net Worth Restoration Plan.

Federal Reserve Board

FRB Issues Final Rule Amending Regulation D with Regard to Interest on Reserve Balances: The FRB approved a final rule amending Regulation D to eliminate references to an interest on required reserves (IORR) rate and to an interest on excess reserves (IOER) rate and replace them with a single interest on reserve balances (IORB) rate. The final rule also simplifies the formula used to calculate the amount of interest to be paid on such balances and makes other minor conforming amendments. The final rule goes into effect on July 29.

FRB Seeks Public Comment on Proposed Rule Changes to FedNow Service: The proposed rule would establish a new and comprehensive set of rules governing funds transfers over the FedNow Service and set out the legal rights and obligations of the Reserve Banks and FedNow Service participants. Many of the concepts in the proposed rule are similar to existing provisions that govern the Fedwire Funds Service, which is the payments service currently operated by the Federal Reserve System.

Office of Foreign Assets Control

OFAC has updated the SDN list as of June 2. The last update prior to this was May 21.

Questions? Contact the Compliance Hotline: 1.800.546.4465; compliance@nwcua.org.

Posted in Compliance News, Compliance News, Compliance Question.