Lincoln College closure a testament to the threat posed by ransomware

June 9, 2022
Experts say incident should serve as a wake-up call to schools and organizations writ large

Last month, Lincoln College, a predominantly Black school in Illinois, announced that it would be shutting its doors more than 150 years after it first opened due to a combination of the lingering impacts of the Covid-19 pandemic and a ransomware attack last December that caused irreparable damage to its computer networks.

Over the past several years, ransomware incidents, in which malicious actors gain access and encrypt the data of individuals or institutions until they are paid a predetermined sum, have plagued organizations of all sizes. Just last year, as the country was still grappling with skyrocketing cases of the coronavirus, a ransomware attack against Colonial Pipeline disrupted the distribution of gasoline up and down the East Coast. That was followed by an attack against JBS, one of the nation's largest meat processing companies, which brought more trouble to the supply chain.

However, schools – both K-12 campuses along with colleges and universities – have been a favorite target of cybercriminals. In fact, according to a report published earlier this year by anti-virus software provider Emsisoft, there were 88 ransomware attacks throughout the education sector in 2021, 62 against K-12 school districts and 26 against colleges and universities.

David Murphy, a manager and cybersecurity expert at consulting firm Schneider Downs, says these incidents demonstrate the importance of having good disaster recovery plans in place because even if a school decides to pay up rather than lose access to its systems, there is no guarantee they will be returned intact. In the case of Lincoln College, for example, the school reportedly paid a $100,000 ransom to the hackers, but it was ultimately unable to fully recover from the attack.

“Even if you pay the money to an attacker and you get a key to decrypt the data, sometimes that key doesn't always work or the data may have been corrupted, so that's something to keep in mind,” Murphy explains.

Aside from the ransom itself, Saryu Nayyar, founder and CEO of cybersecurity firm Gurucul, says there are a slew of other costs stemming from these attacks that must be taken into consideration as well.

“The impact of ransomware on relatively smaller organizations can be catastrophic. A 157-year-old institution already hampered by the impact of the pandemic having to shut down during a critical period due to ransomware is tragic,” she says. “Ransomware has a much broader impact to business than simply the payment to restore services. There are many other costs related to stolen and resold data, business availability and employee downtime that are virtually impossible to predict upfront but with no less impact.”

Ransomware mitigation measures

Murphy recommends that schools invest in vulnerability management tools to be better aware of which systems are potentially exposed and limit those threats, and also implement good user authentication solutions. “Whenever you log in, you should have to authenticate using a secondary device or a code to log in to whatever it is you are trying to access,” he explains.

Additionally, Murphy says that user awareness training and helping people recognize the signs of phishing emails and the like can also prove valuable in preventing ransomware and other cyberattacks.

“The security systems that they have in place to protect users against phishing or whatever, they’re not infallible so you have to be aware of what a phishing email looks like to be able to have end users identify that,” he adds.

Nayyar says there are also a variety of other tools available that can mitigate the various schemes of malicious actors.

“Businesses need to invest in the latest threat detection, investigation and response tools that can empower even smaller teams to rapidly detect attack campaigns such as ransomware early in the kill chain,” she says. “This requires advanced analytics and trained machine learning (ML) with out-of-the-box detection capabilities to automate manual tasks and accelerate security analyst or engineer efforts before data is stolen and/or encrypted as a precursor to ransomware detonation.”

Evolution of attacks

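As bad as traditional ransomware attacks are, Murphy says one of the newer trends among cybercriminals is what is referred to as “double extortion,” in which not only are a school's or business's files encrypted, but they are also exfiltrated by the perpetrators, who then threaten to release the data publicly.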

Regardless of whether the attack falls into a traditional or non-traditional category, however, Murphy says schools need to be prepared to address the risk.

“Understand what the risk is out there to your institution and also verify what your cyber insurance policy actually covers. Some of them cover the forensic investigation, some of them cover the ransom payment and some of them cover the disaster recovery effort up until a certain amount,” he says. “There are a lot of different things that you can do to prepare yourself for an incident. Another thing that I have been recommending to clients is having response plans prepared, so you know when and how to respond. Finally, make sure that you have outside help. Some of these institutions may not have the in-house expertise or the resources to hire a full-time security practitioner, so they can find help through a third party.”

Joel Griffin is the editor of SecurityInfoWatch and a veteran security journalist.