Ransomware? Let's call it by its real name: extortionware

Note: the full text is about 1,958 characters and takes roughly 2 minutes to read.


Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.

No one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That’s almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while Bitdefender suggested a 715% increase in the first half of the year.

The “crews” have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships with a speed and efficiency that put many of our business practices to shame. New tactics are constantly appearing both to gain access and to apply pressure on victims to pay.

What hasn’t changed is what we call it: ransomware. That’s a mistake, since it ties it in too many people’s minds to the past, and to a much less threatening form of the attack, the attack form that started in 1989 with the AIDS Trojan (distributed on 20,000 floppy disks and looking for a payment of around $500). The attack returned in the mid-2010s, but as individual threats. Attacks such as CryptoWall, Cryaki, TeslaCrypt, and CTB-Locker impacted individual users and forced the victim to approach the attacker to recover. Attackers also took rapid advantage of cryptocurrencies, using the relative anonymity and easy transferability of Bitcoin to protect them as they monetized their efforts.

These attacks were distributed by multiple means, or vectors. Phishing, pop-ups from malvertising, and even messaging on platforms like Facebook Messenger were common vectors. The code base was different, the attack vector was different, but the goal was the same. Land on a user’s computer, encrypt that computer and network-accessible data, and demand payment. The attack was against the individual, and corporate damage was a bonus (in terms of payment), not the objective. The ransom was to decrypt the locked data, and defensive tactics focused on limiting access to data — least privilege, user-awareness training, and host-based malware prevention.
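The paragraph above describes the classic behaviour, land on a host and encrypt everything reachable, and names host-based malware prevention as one defensive tactic. The following is an added example, not code from the original article or its author, of the kind of host-side check such prevention can rest on: a sliding-window detector that flags a process writing many distinct high-entropy files in a short burst, which is what bulk encryption looks like in file telemetry. The event tuple layout, the process names, the file paths and the thresholds are all constructed assumptions for the example; the sample events are built inline so the block runs offline.

```python
import math
import random
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a buffer: plain text sits around 4-5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window_seconds=10.0, min_files=20, entropy_threshold=7.0):
    """
    events: iterable of (timestamp_seconds, process_name, path, written_bytes),
    an assumed shape for a host agent's file-write telemetry.
    Returns {process_name: most distinct high-entropy files written in any one window}
    for every process that reached min_files inside a sliding window of window_seconds.
    Slow, legitimate writers of compressed data (backups) never fill a window and stay silent.
    """
    high_entropy_writes = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            high_entropy_writes[proc].append((ts, path))

    alerts = {}
    for proc, writes in high_entropy_writes.items():
        writes.sort()
        start, best = 0, 0
        for end in range(len(writes)):
            # Advance the window start until the oldest write is within window_seconds.
            while writes[end][0] - writes[start][0] > window_seconds:
                start += 1
            distinct = len({p for _, p in writes[start:end + 1]})
            best = max(best, distinct)
        if best >= min_files:
            alerts[proc] = best
    return alerts


def _high_entropy_blob(seed: int, size: int = 1024) -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext (constructed sample data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def build_sample_events():
    """Constructed telemetry: a normal editor, a fast bulk encryptor, and a slow backup job."""
    events = []
    # Benign: a word processor saving a few plain-text documents.
    for i in range(3):
        events.append((float(i), "winword.exe", f"C:\\Users\\a\\draft{i}.txt",
                       b"Quarterly report draft, section one, revised. " * 8))
    # Suspicious: 25 distinct files rewritten with ciphertext-like content in 5 seconds.
    for i in range(25):
        events.append((100.0 + i * 0.2, "update.exe",
                       f"C:\\Users\\a\\Documents\\file{i}.xlsx.locked", _high_entropy_blob(i)))
    # Benign: a backup tool writing compressed chunks, one every 20 seconds.
    for i in range(30):
        events.append((1000.0 + i * 20.0, "backup.exe",
                       f"D:\\backup\\chunk{i}.zst", _high_entropy_blob(100 + i)))
    return events


if __name__ == "__main__":
    for proc, count in detect_mass_encryption(build_sample_events()).items():
        print(f"ALERT: {proc} wrote {count} high-entropy files inside one {10.0:.0f}s window")
```

The window is what separates the encryptor from the backup job: both write high-entropy data, but only one does it to dozens of distinct files within seconds. In practice the thresholds would be tuned per environment, and the check would sit beside the access-limiting controls the paragraph lists rather than replace them.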

This model slowly shifted toward corporate targets, as the bad guys followed the money. 2020, however, saw a series of seminal shifts in the landscape, and a change in tactics. This series of shifts is why we should change the naming — from ransomware, a serious attack but one with a relatively narrow scope, to extortionware, where every pressure is being applied to force payment.
