Lincoln College Closure Demonstrates the Threat of Ransomware

June 9, 2022
Experts say the incident should serve as a wake-up call for schools and organizations

Last month, Lincoln College, a predominantly Black institution in Illinois, announced that it would close after more than 150 years in operation, citing the lingering effects of the COVID-19 pandemic and a ransomware attack last December that caused irreparable damage to its computer network.

Over the last several years, ransomware incidents, in which malicious actors gain access to and encrypt an individual's or institution's data until they are paid a predetermined sum, have plagued organizations of all sizes. Just last year, as the country was still grappling with a surge in coronavirus cases, a ransomware attack against Colonial Pipeline disrupted gasoline distribution up and down the East Coast. That was soon followed by an attack against JBS, one of the largest meat processing companies in the country, which caused further supply chain headaches.

However, schools, whether K-12 schools or colleges and universities, have consistently been a favorite target of cybercriminals. In fact, according to a report published earlier this year by antivirus vendor Emsisoft, there were 88 ransomware attacks across the education sector in 2021: 62 at K-12 school districts and 26 at colleges and universities.

According to David Murphy, Manager, Cybersecurity at consulting firm Schneider Downs, these incidents demonstrate the importance of having a good disaster recovery plan in place, because even if a school decides to pay rather than lose access to its systems, there is no guarantee that they will be returned intact. In the case of Lincoln College, the school reportedly paid a $100,000 ransom but was ultimately unable to fully recover from the attack.

“Even if you pay the attacker and you get the key to decrypt the data, sometimes that key doesn’t always work or the data may be corrupted, so that is something to keep in mind,” Murphy explains.

Aside from the ransom itself, Saryu Nayyar, Founder and CEO of cybersecurity firm Gurucul, says these attacks also carry a range of other costs that must be taken into account.

“The impact of ransomware on a relatively small organization can be catastrophic. That a 157-year-old institution already hurt by the pandemic has had to close at a critical time because of ransomware is a tragedy,” she says. “The impact of ransomware on a business is far more widespread than simply paying the fee to restore operations. There are plenty of other costs related to stolen and resold data, business availability and employee downtime that are practically impossible to predict in advance, but the impact is not small.”

Ransomware Mitigation Measures

Murphy recommends that schools invest in vulnerability management tools to gain better visibility into which systems may be exposed, in order to limit these threats, and that they implement good user authentication solutions. “Anytime you have a log-in, you should be using a secondary device or code to authenticate to whatever it is you are trying to access,” he explains.

Additionally, Murphy says user awareness training and helping people recognize the signs of phishing emails and the like are also valuable in preventing ransomware and other cyberattacks.

“They have security systems that protect users from phishing or other threats, but they are not foolproof, so you have to be aware of what a phishing email looks like so that the end user can recognize it,” he adds.

According to Nayyar, there are also a number of other tools available to mitigate the various schemes of malicious actors.

“Organizations need to invest in the latest threat detection, investigation and response tools that enable smaller teams to quickly detect attack activity, such as spotting ransomware early in the kill chain,” she says. “This requires advanced analytics and trained machine learning (ML) with out-of-the-box detections that automate manual tasks and accelerate the work of the security analyst or engineer before data is stolen and/or encrypted as a precursor to ransomware detonation.”

Attacks Evolve

As bad as traditional ransomware attacks are, Murphy says one of the newer trends among cybercriminals is so-called “double extortion,” in which a school's or business's files are not only encrypted but are also exfiltrated by the perpetrators, who subsequently threaten to release that data publicly.

Regardless of whether an attack is traditional or not, however, Murphy says schools need to be prepared to address the risk.

“Understand the risks your institution faces and verify what your cyber insurance policy actually covers. Some of them cover the forensic investigation, some of them cover the ransom payment and some cover disaster recovery efforts up to a certain amount,” he says. “There are a lot of different things you can do to be prepared for an incident. The other thing I always recommend to clients is having a response plan in place, so knowing when and how to respond. And lastly, make sure you have outside help. Some of these institutions may not have the in-house expertise or the resources to hire full-time security practitioners, so they can find that help through a third party.”

Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].