Data Held Hostage: Ransomware and Protecting Your Digital Information

On May 7, 2021, the Colonial Pipeline, which carries nearly half of the East Coast's fuel from Texas to New Jersey, shut down operations in response to a ransomware attack. Colonial paid a $4.4 million ransom shortly after discovering the attack, and the pipeline reopened within a week. Although there was enough stored fuel to weather the outage, panic buying caused gasoline shortages on the East Coast, and the national average price of gasoline topped $3.00 per gallon for the first time since 2014.1

A man looks at a message on his laptop saying that his personal files have been encrypted and that his private key will be destroyed if he does not pay the ransom.

Ransomware is not new, but the Colonial Pipeline incident demonstrated the risk to critical infrastructure and triggered a strong federal response. Remarkably, the Department of Justice recovered most of the ransom, and the syndicate behind the attack, known as DarkSide, announced it was shutting down operations.2 The Department of Homeland Security issued new rules requiring owners and operators of critical pipelines to report cybersecurity incidents within 12 hours of discovery, to review their cybersecurity practices, and to report the results within 30 days.3 On a broader level, the incident drew attention to government initiatives aimed at strengthening U.S. cybersecurity and at building a global coalition to hold accountable the nations that harbor cybercriminals.4

Malicious Code

Ransomware is malicious code (malware) that infects a victim's computer system and lets criminals lock files and demand a ransom in exchange for the digital key that restores access. Some attackers also threaten to publish sensitive data. An estimated 305 million ransomware attacks occurred worldwide in 2020, a 62% increase over 2019, and more than 200 million of them were in the United States.5

The recent surge in high-profile ransomware attacks reflects a shift by cybercrime groups away from stealing data from "data-rich" targets such as retailers, insurers, and financial companies and toward locking up the data of businesses and other organizations that are essential to public welfare. A week after the Colonial Pipeline attack, JBS USA Holdings, which processes one-fifth of the U.S. meat supply, paid an $11 million ransom.6 Health-care systems, which spend relatively little on cybersecurity, are a prime target, and attacks on them jeopardize patient care.7 Other common targets include state and local governments, school systems, and private companies of all sizes.8

Ransomware gangs, mostly based in Russia and other Eastern European countries, typically set their demands according to how much they believe the victim can pay, and high-value attacks are often settled through negotiations conducted by intermediaries and cyber insurers. Although the FBI discourages paying ransoms, critical businesses and organizations may not have time to rebuild their computer systems, and rebuilding can cost more than the ransom.9

Protecting Your Data

While the major ransomware groups focus on more lucrative targets, plenty of cybercriminals prey on individual consumers, whether by locking data for ransom, gaining access to financial accounts, or stealing and selling personal information. Here are some tips to help make your data more secure.10

Use strong passwords and protect them. Analysis of the Colonial Pipeline attack found that the attackers got in through a leaked password for an old account that still had remote access to the company's servers.11 Strong passwords are your first line of defense. Use at least 8 to 12 characters with a mix of upper- and lowercase letters, numbers, and symbols. Longer is better, and added length protects you more than added symbols do. Do not use personal information or dictionary words.

One technique is to build a password from a phrase you can remember and adapt. For example, Jack and Jill went up the hill to fetch a pail of water could become J&jwuth!!2faPow. Though it is tempting to reuse a strong password, it is safer to use a different password for every account. Consider a password manager that generates random passwords for you and that you unlock with one strong master password. Do not share your passwords or write them down.
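As an added illustration of what "random" means in practice (example code written for this edit, not taken from the article or from any password manager), the following Python generates passwords and passphrases from the operating system's cryptographic random source and compares their entropy. The eight-word list is a constructed stand-in; the 7776-word figure is the size of a typical Diceware-style list. A mnemonic such as J&jwuth!!2faPow cannot be scored this way, because it is derived from a well-known rhyme rather than chosen at random.

```python
import math
import secrets
import string

# The 94 printable ASCII characters a typical password manager draws from.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for a real word list. A Diceware-style list has 7776 words;
# entropy_bits() takes the list size as a parameter so the numbers stay realistic.
SAMPLE_WORDS = ["pail", "hill", "water", "fetch", "tumble", "crown", "lantern", "orbit"]


def entropy_bits(num_choices: int, alphabet_size: int) -> float:
    """Entropy, in bits, of a secret made of num_choices independent uniform picks
    from an alphabet of alphabet_size symbols: num_choices * log2(alphabet_size)."""
    return num_choices * math.log2(alphabet_size)


def generate_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Random password. secrets uses the OS CSPRNG; random.random() is predictable
    and must never be used for secrets."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(num_words: int, wordlist: list[str] = SAMPLE_WORDS, sep: str = "-") -> str:
    """Random passphrase: easier to remember than symbol soup, and every extra word
    adds log2(len(wordlist)) bits."""
    if num_words < 1:
        raise ValueError("num_words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


def compare_strengths() -> dict[str, float]:
    """Entropy of the article's minimum length, a manager-generated 16-character
    password, and a six-word passphrase drawn from a 7776-word list."""
    return {
        "8 chars, 94 symbols": entropy_bits(8, len(PRINTABLE)),
        "16 chars, 94 symbols": entropy_bits(16, len(PRINTABLE)),
        "6 words, 7776-word list": entropy_bits(6, 7776),
    }


if __name__ == "__main__":
    print("password:  ", generate_password(16))
    print("passphrase:", generate_passphrase(6))
    for label, bits in compare_strengths().items():
        print(f"{label}: {bits:.1f} bits")
```

Doubling the length of a random password doubles its entropy; swapping a few letters for symbols does not change the alphabet size by much, which is why the code above measures length rather than "complexity".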

No easy answers. Be careful when setting up the security questions used for password recovery. It is best to use fictitious answers that you can remember, or that you store in your password manager. If a criminal can guess your real answers from available information, such as an online profile, he or she can reset your password and get into your account.

Take two steps. Two-step authentication, typically a code sent to your phone by text or email or generated by an authenticator app, provides a second line of defense even if a hacker has your password. An authenticator app or a hardware security key is stronger than a texted code, which an attacker who hijacks your phone number can receive in your place.

Think before you click. Ransomware and other malicious code are usually delivered by "phishing" emails that trick the reader into clicking a link or opening an attachment. Never click a link in an email or text unless you know the sender and know exactly where the link leads. Hover over the link (or press and hold on a phone) to see the real address, and when in doubt, type the site's address into your browser yourself instead of using the link.
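An added example, not from the article, of the checks a reader (or a mail filter) can apply to a link before clicking it: does the visible text match where the link really goes, is the host a look-alike, and is anything hiding behind an "@". The domains and links are constructed for illustration, TRUSTED_DOMAINS stands in for the sites you actually use, and registrable_domain is a deliberate simplification that a production filter would replace with a Public Suffix List lookup.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed: the few domains you actually do business with. Anything else is suspect.
TRUSTED_DOMAINS = {"examplebank.com", "examplemail.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host name ('login.examplebank.com' -> 'examplebank.com').
    Simplification for this example: production code should use the Public Suffix
    List so that hosts such as 'bank.co.uk' are split correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(text: str) -> str:
    """Host name if text looks like a URL or a bare domain, otherwise ''."""
    t = text.strip()
    if not t or " " in t or "." not in t:
        return ""
    if "://" not in t:
        t = "https://" + t
    try:
        return (urlparse(t).hostname or "").lower()
    except ValueError:
        return ""


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_warnings(display_text: str, href: str) -> list[str]:
    """Reasons not to click: what the link claims versus where it really goes."""
    issues = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if not host:
        return ["link has no host name"]
    if url.scheme != "https":
        issues.append(f"not https (scheme is '{url.scheme or 'none'}')")
    if url.username is not None:
        # https://www.examplebank.com@evil.example/ : the browser ignores everything
        # before '@'; the real host is what follows it.
        issues.append(f"text before '@' is a decoy; real host is {host}")
    if is_ip_literal(host):
        issues.append(f"host is a bare IP address ({host})")
    elif any(label.startswith("xn--") for label in host.split(".")):
        issues.append("punycode host label: possible look-alike characters")
    shown_host = host_of(display_text)
    if shown_host and registrable_domain(shown_host) != registrable_domain(host):
        issues.append(f"text shows {shown_host} but link goes to {host}")
    if not is_ip_literal(host) and registrable_domain(host) not in TRUSTED_DOMAINS:
        issues.append(f"{registrable_domain(host)} is not a site you know")
    return issues


# Constructed sample links of the kind found in phishing mail (display text, href).
SAMPLES = [
    ("https://www.examplebank.com/login", "https://www.examplebank.com/login"),
    ("www.examplebank.com", "http://examplebank.com.secure-verify.example/login"),
    ("Update your account", "https://www.examplebank.com@203.0.113.9/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(text, "->", href)
        for w in link_warnings(text, href) or ["no warnings"]:
            print("   ", w)
```

The second sample is the classic trick: the real domain is the last two labels, so examplebank.com.secure-verify.example belongs to secure-verify.example, not to the bank, no matter how familiar the beginning looks.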

Install security software. Install antivirus software, a firewall, and an email filter, and keep them updated. Out-of-date antivirus software won't stop new malware.

Back up your data. Back up regularly to an external hard drive, and disconnect the drive between backups: ransomware encrypts every drive it can reach, including a backup drive that is left plugged in. Keep more than one generation of backups if you can, and occasionally restore a file from the backup to confirm that it works.
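An added example (not from the article) of a backup routine in the spirit of the tip above: each run produces a new timestamped archive with a manifest of file hashes, and verification restores the archive into a scratch directory and re-hashes every file, since a backup that has never been restored is only a hope. The folder layout in run_demo is constructed for illustration.

```python
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Streaming SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive: Path) -> Path:
    return archive.with_name(archive.name + ".manifest.json")


def make_backup(source: Path, dest_dir: Path) -> Path:
    """Archive every file under source into a new timestamped .tar.gz in dest_dir and
    write a manifest of SHA-256 hashes beside it. Each run creates a new archive rather
    than overwriting the last one, so an older clean copy survives if the files were
    already encrypted by the time the backup ran."""
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = dest_dir / f"backup-{stamp}.tar.gz"
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            manifest[rel] = sha256_of(path)
            tar.add(path, arcname=rel)
    manifest_path(archive).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive


def check_tree(manifest: dict, root: Path) -> list[str]:
    """Compare the files under root with the manifest; returns a list of problems."""
    problems = []
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != digest:
            problems.append(f"content changed: {rel}")
    return problems


def verify_backup(archive: Path) -> list[str]:
    """Restore the archive into a scratch directory and re-hash everything against
    the manifest. An empty list means the backup restores cleanly."""
    manifest = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses paths that escape scratch
            except TypeError:  # Python builds that predate the extraction-filter API
                tar.extractall(scratch)
        return check_tree(manifest, Path(scratch))


def run_demo() -> dict:
    """Constructed scenario: back up a small folder, verify it, then simulate ransomware
    overwriting one file and deleting another, and let the manifest catch both."""
    with tempfile.TemporaryDirectory() as d:
        docs = Path(d) / "documents"
        (docs / "photos").mkdir(parents=True)
        (docs / "taxes.txt").write_text("2020 return\n")
        (docs / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0 not really a jpeg")
        usb = Path(d) / "external-drive"
        usb.mkdir()
        archive = make_backup(docs, usb)
        manifest = json.loads(manifest_path(archive).read_text())
        results = {"files": sorted(manifest), "verify": verify_backup(archive)}
        (docs / "taxes.txt").write_bytes(b"\x93\x1f encrypted by ransomware")
        (docs / "photos" / "cat.jpg").unlink()
        results["after_attack"] = check_tree(manifest, docs)
        return results


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running check_tree against the live folder, as run_demo does at the end, is also a cheap way to notice that files have silently changed under you, which is what an encryption run looks like from the outside.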

Keep your system up-to-date. Use the most recent operating system your computer can run, and install security updates as soon as they are available. Most ransomware attacks exploit vulnerabilities in operating systems and applications, often ones for which a patch already exists.

If you see a notification on your computer saying that you have been infected with a virus or that your data is being held for ransom, it is more likely a fake pop-up than a real attack. These pop-ups usually include a phone number to call for "technical support" or to make a payment. Do not call the number, and do not click on the window or any of its links. Try closing your browser and restarting your computer. If the notifications continue, or if your data really is locked, contact a legitimate technical support provider.

For more information and additional tips, visit the Cybersecurity & Infrastructure Security Agency website at us-cert.cisa.gov/ncas/tips.