10 Mistakes Companies Make When Responding to Ransomware



From the headline-making incident in May that impacted Colonial Pipeline to this month’s hit on Kaseya, ransomware attacks have been nothing short of a plague on businesses in recent months. While they aren’t new, they are certainly capturing the public’s attention and raising eyebrows among lawmakers.

To pay or not to pay the ransom is a hotly debated issue. While most security professionals oppose paying, in certain situations it might make the most sense.

“Everyone says ‘no,’ but it really depends on a case-by-case basis,” says Steven Schwartz, director of security consulting at Eze Castle Integration. “At the end of the day, you need to get the business back up and running. Colonial paid nearly $5 million in ransom to decrypt its computers. That was a business decision – they needed to get their pipeline back up and running.”

Payment is just one of many issues to contend with while under the duress of a ransomware attack. Following are some of the common mistakes organizations make when it comes to ransomware response.

Mistake 1: Failing to Contain the Malware

Many organizations start focusing on how to recoup the encrypted data before taking the essential step of ensuring the malware does not spread further.

“The first thing [organizations] do wrong is not making sure they completely eradicated the original attack vector and getting that root cause analysis of how it started and confirming it’s not expanding,” says Eze Castle Integration’s Schwartz. “You must make sure to clear your environment to eliminate the risk of falling victim to the same attack twice and paying a double ransom.”

 
