Have $175? Then it doesn’t matter if you utterly lack technical skills, you can become a cybercriminal. That’s because a malware strain called Karmen – potent ransomware – has been on sale on the dark web for $175. That’s how bad this has gotten and it very well may cost your credit union money.In mid-May a ransomware attack infected thousands of organization in 70+ countries. It all happened in the space of a few days. Some 200,000 are said to have been victimized. Ransomware now is just about the fastest spreading malware out there. The tools that spread it are slick and, as Karmen shows, they are also cheap.Little to no technical skill is needed to unleash ransomware via phishing emails on an unwary public and, increasingly, the targets of choice are businesses – especially American businesses – and that’s because businesses often are willing to pay up to rid themselves of malware. Symantec, in fact says the average ransomware payout in 2016 was $1077, up from $294 in 2015.Symantec also said that the payout rate in the US reached 64%, compared to 34% globally. That means about two in three US victims pay up.Data from NTT Security also said that the US is by far the most common victim of ransomware. The news gets worse. Symantec said ransomware attacks were up 36% year over year. Probably there will be still more this year.Ransomware is bad. There are various flavors but a common format is that the criminal mass mails out links that, when clicked on, download apps that lock files, preventing the user’s access. The files could be just about anything, from email to the entire computer.Know this: There are steps you need to take to protect yourself against being a ransomware victim. A key secret: the best self-defense is assuming you will be a victim and preparing accordingly. How? Read on.Also know: credit unions have already fallen victim to ransomware. How many? Nobody knows. Victims – especially ones likely to feel exceptional embarrassment and that includes financial institutions – do not advertise that they fell into a trap. But credit union security experts talk of “at least several dozen” credit unions that have fallen victim to ransomware, paid ransoms, and sometimes regained access to their data.Small and medium sized credit unions are believed to be especially vulnerable because – unlike the mega credit unions – they typically lack sophisticated malware detection tools that stop malware from penetrating the organization.Probably more credit unions will fall victim. That’s because savvy criminals now are doubling down on attacks on businesses. Said Symantec: “a small number of groups have begun to specifically target businesses with ransomware attacks designed to infect multiple computers on a single network and encrypt valuable data.”Won’t a small payment result in the files being unlocked – so maybe this isn’t such a big deal? Not necessarily. Cyber crooks are crooks and that means they may not always live up to their word. Just because a ransom is paid does not mean full access to data is restored. Said Symantec: “Paying the ransom doesn’t guarantee decryption of the victim’s files. According to the Norton Cyber Security Insight team, only 47 percent of victims who paid the ransom reported getting their files back.”Symantec also – worryingly – reported that smart criminals are beginning to try to attach ransoms that take into account the value of the data that has been locked. It pointed to a $70,000 ransom paid by San Francisco’s Municipal Transportation Agency which had seen its light rail system disrupted.A credit union’s files might well be perceived as highly valuable.What can a credit union do to protect itself? Several things and it starts by training employees not to click on links in phishing emails – and retraining them frequently.But probably the single biggest step a credit union can take is to make sure its data are backed up and can be easily retrieved and put to use. Do just that – assume you will be victimized and prepare your defenses now – and you put yourself on safe ground.Savvy smartphone users generally aren’t ready ransomware victims because an iPhone user often has most of his/her data backed up to iCloud. An Android user also often will have lots of data automatically backed up in Gmail, etc. When the data is on hand, it’s easy to tell the criminal to buzz off.The very same idea works for a credit union. Backup all critical data and that’s the antidote to ransomware.Accept this: very probably your institution will be assaulted this year by ransomware criminals. How you fare is up to you.Take a few steps, now, and very probably you will do well indeed. 43SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Robert McGarvey A blogger and speaker, Robert McGarvey is a longtime journalist who has covered credit unions extensively, notably for Credit Union Times as well as the New York Times and TheStreet, … Web: www.mcgarvey.net Details
The ministry has a policy of regularly conducting broad reviews of the GPFG in the run up its annual report, which it presents to parliament around the end of March.As part of the review, the ministry will also commission two consultancy reports on management costs and responsible management activities in other large funds. McKinsey and Inflection Point Capital Management are to put these reports together.The ministry said it had also sent letters in June to Norges Bank asking for advice and assessments on these topics.The management review group includes Magnus Dahlquist, professor at the Stockholm School of Economics, and Bernt Arne Ødegaard, professor at the University of Stavanger.Dahlquist is also research fellow at the Centre for Economic Policy Research in London and at Network for Studies on Pensions, Ageing and Retirement in the Netherlands. Both he and Ødegaard have previously served on expert groups advising Norges Bank.The private equity group includes Trond Døskeland, associate professor at the Norwegian School of Economics, and Per Strömberg, professor at the Stockholm School of Economics. Norway’s ministry of finance has appointed two expert groups to review aspects of how its NOK7.7trn (€823bn) sovereign wealth fund invests.One group will look at the management of the Government Pension Fund Global (GPFG), analysing the performance of its active management. It will make a recommendation regarding whether the size of the fund’s relative risk budget – or expected tracking error limit – should be adjusted.The second group is to assess whether the fund should be allowed to invest in unlisted equities. Although Norges Bank Investment Management (NBIM) – part of the central bank Norges Bank and the fund’s manager – is already allowed to invest in unlisted real estate and in unlisted companies where that company intends to seek a listing, it cannot generally invest in private equity. The management review group is to submit its report by January 2018, the finance ministry said, while the private equity group has a December 2017 deadline for its report.