Navigating the Evolving Ransomware Landscape: A Guide for IT Governance and Cybersecurity Leaders

Guy Propper
Author: Guy Propper
Date published: 13 February 2024

Patients with appointments at certain Eastern Connecticut Health Network (Connecticut, USA) locations on 5 August 2023 experienced an unwelcome surprise: their appointments were cancelled.1 The mass cancellation was not, however, because the network was overbooked or short-staffed. Rather, it was the result of a ransomware attack on Prospect Medical Holdings, a US State of California-based healthcare system operating in 4 states, of which Eastern Connecticut Health Network is an affiliate.

Unable to access many of their computer systems, some locations were forced to cancel appointments. Others went back in time, relying on paper records to keep patient care moving. Eastern Connecticut Health Network's experience, however, is anything but an outlier, as ransomware attacks have become frighteningly familiar in today's digitally dominated environment.

Ransomware attacks, in which malware encrypts or steals a victim's data and a ransom payment is demanded, regularly impact healthcare providers, educational institutions, government agencies, small and medium-sized businesses (SMBs) and even major corporations.

Ransomware attacks are nothing new. The first recorded incident occurred in December 1989 (and it, too, targeted a healthcare organization).2 Over the years, these attacks have grown more common, more costly and more consequential, so organizations must stay abreast of the latest threats and implement solutions that keep their (and their customers') data safe and their operations thriving.

Understanding the Ransomware Landscape

Modern ransomware has changed considerably since its inception 3 decades ago. Perhaps most importantly, this malware is no longer the work of isolated hackers. Rather, it is the product of sophisticated, often decentralized, teams with organizational structures and differentiated roles. The Ransomware-as-a-Service (RaaS) model has proliferated in recent years, allowing less sophisticated malicious cyberactors to acquire and deploy attacks at scale. RaaS offerings account for nearly 60% of all malware products sold on the dark web, according to a study sampling malware offerings between 2015 and 2022.3

Highly organized criminal enterprises make organizations more likely to suffer a ransomware attack. Surprisingly, only a few groups control the RaaS landscape. The top 10 RaaS groups account for 87% of attacks, and the top 3 account for more than 50%.4 Of course, as law enforcement increasingly focuses on these groups, they can be difficult to suppress because they regularly rebrand and regroup.

In 2023, threat actors appear to target service, manufacturing and wholesale trade organizations, emphasizing enterprises with revenue between US$1 million and US$50 million.5 A median ransom amount is estimated to be approximately US$200,000.6 

Attackers try to strike a balance between an organization's level of cyberprotection and its potential ransom payment. Simply put, organizations in the revenue range above often lack the IT and security solutions to prevent a ransomware attack, but have enough revenue to pay the ransom to recover their data or IT infrastructure.

(Targeted) organizations...often lack the IT and security solutions to prevent a ransomware attack, but have enough revenue to pay the ransom.

The cost of failure can be incredibly high. While it can vary significantly, from several hundred thousand dollars to as high as US$70 million,7 long-term effects, including opportunity costs, reputational damage and investor outlook, make it challenging to calculate the actual impact.

Strategies for Protection, Compliance and Risk Management

Every year, 85% of enterprises experience at least 1 attempted ransomware attack, making it increasingly important to implement strategies for protection, compliance and risk management.8

To elevate an organization's defensive posture, first address the most common culprits: compromised credentials and exposed Internet-facing servers (primarily Remote Desktop Protocol [RDP] connections). Enterprises should monitor their servers and stay alert for compromised credentials, because both are standard attack methods. At the same time, it is important to ensure that all employees use strong, unique passwords for their accounts.

Proactively and continuously scanning the Internet and the dark web for potential threats (and responding accordingly) also helps organizations anticipate where they are vulnerable to attack. Notably, more ransomware attacks occur in the second half of the year than in the first, owing to the increase in online activity around the winter holidays.9 This does not mean enterprises should relax their guard at the start of the year, but it allows them to plan accordingly, ensuring that they have their proverbial ducks in a row before an attack occurs.

Enterprises can also analyze data to gauge the likelihood of an attack based on their industry and size, although these trends may change over time. Specifically, organizations can use data to perform quantitative cyberrisk analysis that determines the likelihood of a ransomware attack and the impact an incident would have on their operations and bottom line. Armed with this information, IT teams and decision makers are empowered to understand the financial impact of cyberevents, assess the return on investment (ROI) of their cybersecurity budgets and prioritize risk management decisions accordingly.
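The likelihood-times-impact analysis described above, worked through in code as an added illustration (this is not Kovrr's model or code from the article): incident frequency and a lognormal loss per incident are combined to give expected and 95th-percentile annual loss, and the ROI of a control is computed from the loss it avoids. The 85% attempt rate and the US$200,000 median figure come from the article; treating that median ransom as the median loss per incident, the attempt success probabilities, the spread (`sigma`) and the control cost are constructed assumptions.

```python
"""Monte Carlo cyber-risk quantification (CRQ) of annual ransomware loss.

Added illustration, not Kovrr's model. Constructed inputs: the article's
85% annual chance of an attempted attack and US$200,000 median ransom
(simplification: used as the median loss per incident); the success
probabilities, spread and control cost are assumptions.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    p_attempt: float        # annual probability of at least one attempt
    p_success: float        # probability an attempt becomes an incident
    median_loss: float      # median loss per incident, USD
    sigma: float            # log-space spread of the per-incident loss
    control_cost: float = 0.0   # annual spend on controls in this scenario


# Constructed scenarios: baseline vs. hardened (credential hygiene, no
# exposed RDP), assumed here to cut the incident probability fourfold.
BASELINE = Scenario(p_attempt=0.85, p_success=0.20, median_loss=200_000, sigma=1.0)
HARDENED = Scenario(p_attempt=0.85, p_success=0.05, median_loss=200_000, sigma=1.0,
                    control_cost=25_000)


def expected_annual_loss(s: Scenario) -> float:
    """Closed form: incident frequency x mean severity (lognormal mean)."""
    return s.p_attempt * s.p_success * s.median_loss * math.exp(s.sigma ** 2 / 2)


def simulate(s: Scenario, trials: int = 20_000, seed: int = 7) -> dict:
    """Simulate `trials` years; return mean and 95th-percentile annual loss."""
    rng = random.Random(seed)
    mu = math.log(s.median_loss)          # lognormal median is exp(mu)
    losses = []
    for _ in range(trials):
        year = s.control_cost             # controls cost money every year
        if rng.random() < s.p_attempt and rng.random() < s.p_success:
            year += rng.lognormvariate(mu, s.sigma)
        losses.append(year)
    losses.sort()
    return {"mean": sum(losses) / trials, "p95": losses[int(0.95 * trials) - 1]}


def control_roi(baseline: Scenario, hardened: Scenario) -> float:
    """ROI of the hardened scenario's controls: loss avoided net of their cost."""
    avoided = expected_annual_loss(baseline) - expected_annual_loss(hardened)
    return (avoided - hardened.control_cost) / hardened.control_cost
```

The 95th percentile is far above the mean because most simulated years have no incident at all; that tail, not the average, is what a budget discussion about ransomware usually turns on.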

Finally, teams can be trained and taught to anticipate ransomware attacks, making them more likely to closely scrutinize potential phishing emails, better manage their account credentials and regularly install software updates. These digital hygiene best practices can effectively reduce the risk of a ransomware attack, giving organizations of all sizes the tools they need to keep their digital environment under control.

Is a Ransomware Attack Inevitable?

In today's digitally connected world, ransomware attacks have become a ubiquitous element of an ever-changing and increasingly complex environment. Enterprises, healthcare institutions and organizations across every sector are potential targets at risk of significant financial loss, operational disruption and reputational damage.

The emergence of RaaS has further complicated this scenario, making the ransomware industry more organized and formidable. However, the inevitability of an attack does not translate into helplessness. Organizations can employ strategic protection, compliance and risk management measures, including constant vigilance, regular employee training and targeted defense plans based on industry and size trends.

By understanding the current threat landscape and taking proactive steps, organizations can protect their digital environments and reduce the risk of falling victim to malicious attacks.

Endnotes

1 Abrams; “Rhysida Claims Ransomware Attack on Prospect Medical, Threatens to Sell Data,” Bleeping Computer, 27 August 2023
2 Palmer, D.; “30 Years of Ransomware: How One Bizarre Attack Laid the Foundations for the Malware Taking Over the World,” ZDNET, 19 December 2019
3 Weigand, S.; “Ransomware Tops Malware-as-a-Service Offered on the Dark Web,” [publication name not recoverable from the page], 15 June 2023
4 Kovrr, The Ransomware Threat Landscape H1-23, 13 July 2023
5 Ibid.
6 Coveware, “Ransom Monetization Rates Fall to Record Low Despite Jump in Average Ransom Payments,” 21 July 2023
7 Winder, D.; “$70 Million Demanded as REvil Ransomware Attackers Claim 1 Million Systems Hit,” [publication name not recoverable from the page], 5 July 2021
8 Rangel, M.; “Ransomware Prevention: Safeguarding Your Digital World,” [publication name not recoverable from the page], 2 October 2023
9 Op. cit., Kovrr

Guy Propper

Is Head of Data at Kovrr, a leading provider of cyberrisk quantification (CRQ) technology and solutions that enables global enterprises and (re)insurers to financially quantify cyberrisk on demand. He has more than 10 years of cybersecurity experience and extensive expertise in reverse engineering, malware research and threat actor analysis. Previously, Propper headed the threat intelligence and deep learning group at Deep Instinct and presented at Defcon 26.