Navigating the Evolving Ransomware Landscape: A Guide for IT Governance and Cybersecurity Leaders

Author: Guy Propper
Date Published: 13 February 2024

Patients with appointments at certain Eastern Connecticut Health Network (Connecticut, USA) locations on 5 August 2023 experienced an unwelcome surprise: Their appointments had been canceled.1 The mass cancellation was not due to the network being overbooked or understaffed, however. Instead, it was the result of a ransomware attack on Prospect Medical Holdings, a California, USA-based healthcare system operating in 4 states, of which Eastern Connecticut Health Network is an affiliate.

Unable to access many of their computer systems, some locations were forced to cancel appointments. Others stepped back in time, relying on paper records to facilitate patient care. However, the Eastern Connecticut Health Network's experience is by no means an isolated case, as ransomware attacks have become frighteningly familiar in today’s digitally dominated landscape.

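Ransomware attacks, in which malicious software encrypts or steals a victim's data and demands payment for its release, regularly affect healthcare providers, educational institutions, government agencies, small and medium-sized businesses (SMBs) and even large corporations.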

Ransomware attacks are nothing new. The first documented incident occurred in December 1989 (it also targeted a healthcare institution).2 Over the years, these attacks have become more common, costly and consequential, making it critical that organizations understand the latest threats and implement solutions to keep their (and their customers’) data secure and their operations thriving.

Understanding the Current State of Ransomware

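Modern ransomware has changed a great deal since it emerged 30 years ago. Perhaps most important, this malicious software is no longer the work of isolated hackers. Rather, it is the product of sophisticated, often decentralized, teams with organizational structures and distinct roles. The Ransomware-as-a-Service (RaaS) model has grown rapidly in recent years, allowing less sophisticated malicious cyberactors to acquire and deploy attacks at scale. RaaS products accounted for nearly 60% of all malware products sold on the Dark Web, according to a study that sampled malware products between 2015 and 2022.3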

Highly organized criminal enterprises are making organizations more likely to experience an attempted ransomware attack. Surprisingly, only a handful of groups control the RaaS space. The top 10 RaaS groups account for 87% of attacks, with the top 3 responsible for more than 50%.4 Of course, these groups can be challenging to pin down as increased law enforcement attention leads to regular rebranding and regrouping.

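In 2023, threat actors appeared to target services, manufacturing and wholesale trade organizations, with an emphasis on enterprises with revenue between US$1 million and US$50 million.5 The median ransom is estimated at approximately US$200,000.6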

Attackers attempt to strike a balance between an organization's level of cyberprotection and the potential ransom payment. Simply put, organizations in the mentioned revenue range often lack the IT and security solutions to prevent ransomware attacks but have enough revenue to pay a ransom to recover their data or IT infrastructure.

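The cost of failure can be incredibly high. While it can vary widely, from a few hundred thousand US dollars to as much as US$70 million,7 the long-term effects, including opportunity costs, reputational damage and investor outlook, make calculating the actual impact challenging.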

Protection, Compliance and Risk Management Strategies

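With 85% of enterprises experiencing at least one ransomware attack each year, developing and implementing strategies for protection, compliance and risk is increasingly important.8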

To elevate an organization's defensive posture, start by addressing the most common culprits: compromised credentials and exposed Internet servers (mainly remote desktop protocol [RDP] connections). Enterprises should monitor servers and be vigilant about compromised credentials because these are standard attack methods. At the same time, it is important to ensure that all employees use strong, unique passwords for their accounts.

Proactively and continuously scanning the Internet and dark web for potential compromise (and responding accordingly) also helps organizations anticipate attack vulnerabilities. Notably, more ransomware attacks occur in the second half of the year than the first due to the increase of cyberactivity surrounding winter holidays.9 This does not mean that enterprises should let their guard down at the beginning of the year, but it does allow them to plan accordingly, ensuring they have their ducks in a row before an attack occurs.

Enterprises can also analyze data to gauge the likelihood of an attack based on their industry and size, although these trends may change over time. Specifically, organizations can leverage data to perform a quantitative cyberrisk analysis to determine the likelihood of a ransomware attack and the impact an incident would have on their operations and bottom-line results. With this information, IT teams and decision makers are empowered to understand the financial impact of a cyberevent, assess the return on investment (ROI) of their cybersecurity budgets and prioritize risk management decisions accordingly.

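Finally, teams can be trained and taught how to anticipate ransomware attacks, making them more likely to scrutinize potential phishing emails, better manage their account credentials and regularly install software updates. These digital hygiene best practices can meaningfully reduce the risk of a ransomware attack, equipping organizations of every size with what they need to take control of their digital environments.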

Are Ransomware Attacks Inevitable?

In today's digitally connected world, ransomware attacks have become a pervasive element of the ever-changing and increasingly sophisticated landscape. Enterprises, healthcare institutions and organizations across various sectors are all potential targets facing the risk of significant financial loss, business disruption and reputational damage.

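The emergence of RaaS has further complicated the situation, making the ransomware industry more organized and more powerful. However, the inevitability of attacks does not mean helplessness. Organizations can adopt strategic protection, compliance and risk management measures, including constant vigilance, regular employee training and targeted defensive planning based on industry and size trends.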

By understanding the current threat landscape and taking proactive measures, organizations can secure their digital environments and reduce the risk of falling victim to malicious attacks.

Endnotes

1 Abrams; “Rhysida Claims Ransomware Attack on Prospect Medical, Threatens to Sell Data,” 27 August 2023
2 Palmer, D.; “30 Years of Ransomware: How One Bizarre Attack Laid the Foundations for the Malware Taking Over the World,” ZDNET, 19 December 2019
3 Weigand, S.; “Ransomware Tops Malware-as-a-Service Offered on the Dark Web,” 15 June 2023
4 Kovrr, Ransomware Threat Landscape H1-23, 13 July 2023
5 Ibid.
6 Coveware, Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments, 21 July 2023
7 Winder, D.; “REvil Ransomware Attackers Claim 1 Million Systems Hit, Demand US$70 Million,” 5 July 2021
8 Rangel, M.; “Defending Against Ransomware: Protecting Your Digital World,” 2 October 2023
9 Op cit Kovrr

Guy Propper

Is the head of data at Kovrr, a leading cyberrisk quantification (CRQ) technology and solutions provider enabling global enterprises and (re)insurers to financially quantify cyberrisk on demand. He has more than 10 years of cybersecurity experience and extensive expertise in reverse engineering, malware research and threat actor analysis. Previously, Propper was the head of the threat intelligence and deep learning group at Deep Instinct and participated as a speaker in Defcon 26.