Ransomware is nefarious code or actions attackers deploy to disrupt an organization's operations, typically by holding its data hostage. The ultimate goal is to force a business to pay a ransom so it can return to standard operations.
It is nearly impossible to harden defenses to the point where an organization is completely impenetrable to ransomware attacks. It is, however, possible to dramatically improve the ability to mitigate the worst effects of an attack, or to reduce the odds of being attacked in the first place.
Attempting to list the types of ransomware can become a game of catch-up. In fact, the US Cybersecurity and Infrastructure Security Agency (CISA) calls ransomware "an ever-evolving form of malware." Some of the more common ransomware variants include:
Ransomware works by attempting to force a victim to pay a ransom. Specifically, the malware an attacker deploys in a ransomware attack follows a pattern: break in, maliciously encrypt the target data, and then force the company or individual to pay up.
As mentioned above, double extortion has become increasingly common. For modern attackers, blocking access to company data is not enough; they also see value in stealing it and demanding an additional payment to return it.
The impact of ransomware on network systems varies, depending on the type of defenses in place and the response time. Once access is gained, attackers can use post-exploitation frameworks to search the environment and gain elevated privileges. If a threat actor obtains full access, they can encrypt an entire network, causing a complete interruption of business services.
Infected endpoints in the larger network ecosystem could contain the threat for a period of time, but it is a race against the clock before the malware spreads. Rapidly removing these infected assets is essential to limiting the blast radius of an attack.
Ransomware is everywhere in today's world. Let's take a look at some notable recent examples.
The 2017 WannaCry ransomware attack is one of the most well-known and notorious ransomware attacks in recent memory. It deviated from traditional ransomware by including a component that was able to find vulnerable systems and spread quickly. Because of this behavior, this type of ransomware is known as a worm, tunneling through a network to cause maximum damage.
Because it employed both traditional phishing tactics and the worm format of the malware, this incident was particularly nasty and had a global impact. A Bitcoin ransom was demanded from users as well as organizations, which typically did not have up-to-date software and/or had poor hygiene around permissions, passwords, and credentials.
Similar to WannaCry, Petya ransomware was typically deployed with the ability to spread easily and quickly locate vulnerabilities. Users would encounter it as a reboot request, after which their systems would become unavailable. Petya was first launched as malicious email attachments that would infect a system after a user clicked on the attachment and it downloaded locally.
The initial Petya attack caused massive disruption across Ukraine, severely affecting its banking infrastructure as well as other critical sectors in the country. From there, it spread like wildfire across Europe. A subsequent variant, known as NotPetya, featured even more malicious capabilities than the original version and also caused billions of dollars in damage.
Perhaps the most persistent of these examples, CryptoLocker lured victims primarily through phishing emails containing malicious attachments. This may be a good time to pause and praise security awareness training. Not all, but many of these attacks require an action on the part of the user before they can reach their system(s), so making employees aware of which actions to take and which to avoid is important.
Notably, CryptoLocker was particularly effective because bad actors mimicked prompts from well-known companies like FedEx and UPS. Asymmetric encryption was used to lock users' files, meaning two keys were involved: one to encrypt and one to decrypt.
Ransomware can be prevented by following key best-practice behaviors that should flow throughout the whole of any security program. Zooming in, there are two key phases of a ransomware attack during which action is critical in order to lower risk and prevent the worst effects of an attack.
Avoid becoming a repeat victim by identifying and remediating the initial access and execution vectors of the first attack to ensure complete attacker eradication.
Ransomware can be removed by scanning the network with an effective anti-malware solution. Teams should be able to automatically investigate and contain ransomware/malware before it can do real damage.
Once a scan finds something, it's a good idea to quickly remove the targeted user's domain account from the local administrator group. User accounts with administrator rights allow automated and targeted attacks to interact with system-level privileges and make deploying ransomware easy.
Additionally, system administrators can generate decision points for security analysts to block infected user accounts and malware communications, or to completely quarantine machines from the network. By leveraging automation to slow down an infection, security responders will have more time to completely eliminate the ransomware threat.
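The three containment steps above (remove the domain account from local Administrators, block the infected account, quarantine the machine) as one added PowerShell script; this is example code, not from the original article. It assumes it runs elevated on the affected Windows host with the RSAT ActiveDirectory module installed, and `$User` and `$ResponseServer` are placeholders.

```powershell
# Added example, not code from the original article: first-response actions
# after a user account is flagged in a ransomware scan. Assumes it runs elevated
# on the affected Windows host with RSAT's ActiveDirectory module installed;
# $User and $ResponseServer are placeholders to replace.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $User,                 # e.g. 'CORP\jdoe' (placeholder)
    [string] $ResponseServer = '192.0.2.10',               # placeholder IR/log collector
    [string] $LogPath = "$env:ProgramData\ir-response.log"
)

function Write-ResponseLog {
    param([string] $Message)
    $line = '{0:o} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

# 1. Remove the domain account from the local Administrators group so the
#    compromised identity can no longer act with system-level privileges here.
$member = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -eq $User -and $_.PrincipalSource -eq 'ActiveDirectory' }
if ($member -and $PSCmdlet.ShouldProcess($User, 'Remove from local Administrators')) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $User
    Write-ResponseLog "Removed $User from local Administrators"
}

# 2. Block the infected user account in AD so it cannot authenticate to other
#    hosts while analysts work; -Identity takes the sAMAccountName without domain.
$sam = $User.Split('\')[-1]
if ($PSCmdlet.ShouldProcess($sam, 'Disable AD account')) {
    Import-Module ActiveDirectory
    Disable-ADAccount -Identity $sam
    Write-ResponseLog "Disabled AD account $sam"
}

# 3. Quarantine the host: add the allow rule for the response server first, then
#    default-deny outbound on every profile so containment does not cut off responders.
if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Quarantine via Windows Firewall')) {
    New-NetFirewallRule -DisplayName 'IR-AllowResponseServer' -Direction Outbound `
        -RemoteAddress $ResponseServer -Action Allow -Profile Any | Out-Null
    Set-NetFirewallProfile -All -DefaultOutboundAction Block
    Write-ResponseLog "Outbound traffic blocked except to $ResponseServer"
}
```

Run with `-WhatIf` first to see each step without applying it. Removing group membership does not revoke tokens of sessions already logged on, so pair step 1 with a forced logoff or reboot of the host.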