Ransomware is malicious code or behavior that attackers use to disrupt an organization's operations, typically by holding its data hostage. The end goal is to force the business to pay a ransom in order to restore normal operations.
It is nearly impossible to harden defenses so that an organization is completely immune to ransomware attacks. It is, however, possible to greatly improve the ability to mitigate the worst effects of an attack, or to reduce the odds of being attacked in the first place.
Attempting to list types of ransomware can turn into a game of chase. Indeed, the US Cybersecurity and Infrastructure Security Agency (CISA) calls ransomware an "ever-evolving form of malware." A few of the more common ransomware variations include the following:
Ransomware works by attempting to force a victim to pay the ransom. Specifically, the malware deployed by an attacker in a ransomware attack follows a pattern of breaking in, maliciously encrypting targeted data, and then extorting the ransom from the company or individual.
As mentioned above, double extortion has become more common. It's not enough for modern attackers to block access to a company's data; they also see value in stealing it and demanding an extra payment to get it back.
The effects of ransomware on network systems can vary, depending on the type of defenses in place and the response time. Once access is gained, attackers can use post-exploitation frameworks to search the environment and obtain higher privileges. If a threat actor gains full access, they could encrypt the entire network, leading to complete disruption of business services.
An infected endpoint in a large network ecosystem may contain the threat for a while, but it's a race against the clock before the malware spreads. Quickly removing these infected devices is critical to limiting the blast radius of the attack.
Ransomware is ubiquitous in today's world. Let's take a look at some recent notable examples.
The 2017 WannaCry ransomware attack is one of the most notable and infamous recent examples of ransomware. It differed from traditional ransomware in that it included a component able to find vulnerable systems and spread quickly. Because of this behavior, this type of ransomware is known as a worm, tunneling its way through a network and doing the maximum amount of damage.
Due to the use of traditional phishing tactics and the worm-like nature of the malware, it was particularly nasty and caused fallout around the globe. The hackers demanded Bitcoin ransoms from users and organizations, which often did not have up-to-date software or may have had poor hygiene around permissions, passwords, and credentials.
Similar to WannaCry, Petya ransomware deployments typically have the ability to spread easily and quickly target vulnerabilities. Users encounter it as a reboot request, after which their systems become unusable. Petya was originally distributed as a malicious email attachment, infecting the system once the user clicked the attachment and downloaded it locally.
The initial Petya attack did large-scale damage across Ukraine, severely impacting its banking infrastructure as well as other critical sectors of the country. From there, it was able to spread across Europe like wildfire. A subsequent variant, known as NotPetya, had more malicious capabilities than the original and also caused billions of dollars in damage.
Perhaps the most persistent of these examples, CryptoLocker primarily lured victims with phishing emails containing malicious attachments. This might be a good time to pause and extol the virtues of security awareness training. Not all, but many, of these attacks require user action to gain access to their systems, so it's important that workforces are aware of which actions to take and not to take.
Notably, CryptoLocker was particularly effective because the bad actors mimicked prompts from well-known companies such as FedEx and UPS. Asymmetric encryption is used to lock users out of their files, meaning two keys are employed: one for encryption and one for decryption.
Ransomware can be prevented by following key best-practice behaviors throughout the entire security program. Zooming in, there are two key phases of a ransomware attack at which action is critical to reduce risk and prevent the worst effects of an attack.
Avoid becoming a repeat victim by identifying and remediating the initial access and execution vectors from the first attack, so that the attacker is completely eradicated.
Ransomware can be removed by scanning networks with an effective anti-malware solution. Teams should be able to automatically investigate and contain ransomware/malware before it can do real damage.
Once a scan has detected it, it's a good idea to quickly remove the targeted user's domain account from the local Administrators group. User accounts with administrator privileges allow both automated and targeted attacks to interact with system-level permissions and easily deploy ransomware.
In addition, system administrators can create decision points for security analysts to block infected user accounts and malware communications, or to completely isolate machines from the network. By leveraging automation to slow the infection, security responders will have more time to fully eradicate the ransomware threat.
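The containment steps just described (drop the compromised account from local Administrators, disable it in the directory, optionally isolate the host) as an added PowerShell example that is not part of the original article or any vendor product. It assumes Windows 10/Server 2016 or later for the LocalAccounts cmdlets, the RSAT ActiveDirectory module for Disable-ADAccount, an elevated session, and placeholder values for the account name and the responders' management address.

```powershell
# Added example, not from the original page. Run elevated on the infected host.
param(
    [Parameter(Mandatory = $true)][string]$Account,  # placeholder, e.g. "CORP\jdoe"
    [switch]$IsolateHost                             # also cut the host off the network
)

# 1. Remove the compromised domain account from the local Administrators group so
#    it can no longer act with system-level rights on this machine.
$members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
if ($members.Name -contains $Account) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $Account -ErrorAction Stop
    Write-Output "Removed $Account from local Administrators on $env:COMPUTERNAME"
} else {
    Write-Output "$Account is not a member of local Administrators on $env:COMPUTERNAME"
}

# 2. Block the account itself in Active Directory so it cannot be reused on other hosts.
$sam = ($Account -split '\\')[-1]            # strip the DOMAIN\ prefix
Disable-ADAccount -Identity $sam -ErrorAction Stop
Write-Output "Disabled AD account $sam"

# 3. Optional isolation: make the default outbound action Block on every profile and
#    allow only the responders' management host (placeholder address), so the malware
#    cannot spread while analysts keep a channel for eradication. Windows Firewall
#    lets explicit Block rules win over Allow rules, so the default action is used
#    for the block instead of a catch-all Block rule.
if ($IsolateHost) {
    $mgmt = '10.0.0.5'                       # placeholder: IR / EDR management address
    New-NetFirewallRule -DisplayName 'IR-Isolate-Allow-Mgmt' -Direction Outbound `
        -RemoteAddress $mgmt -Action Allow | Out-Null
    Set-NetFirewallProfile -All -DefaultOutboundAction Block
    Write-Output "Outbound traffic blocked except to $mgmt; remove rule and reset profile after eradication"
}
```

Log the account and hostname with the script's output so the analyst's decision point (block, isolate, or both) is recorded alongside the evidence from the scan.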