Ransomware defence measures: 8 ways to defend against ransomware attacks

Ransomware defence measures

Ransomware is on the rise. According to Symantec, there was a 35% increase in ransomware attacks in 2015, and this figure is set to rise again in 2016. In the past, ransomware was primarily aimed at Windows-based machines, targeting personal and office computers. Now, however, those who develop the software have begun to make versions that can ransom Linux, Android and iOS systems too, meaning that Linux-based systems and mobile devices can also be held to ransom. It has never been more important to take ransomware defence seriously, and in this article we will show you how to defend yourself against it.

What is ransomware?

Ransomware is a form of exploitation in which a user is forced to pay a ransom to regain the use of their computer or system. Computers and servers are infected by two methods: the ‘drive-by’ method, where a user visits an infected website or clicks on a link in a phishing email, and the ‘vulnerability exploit’ method, where the malware scans your machine for vulnerabilities and, if any exist, executes the malicious code that begins the ransomware process.

Once installed, the malware prevents the user from accessing their machine, either by locking the user out or, as has become the most popular method, by encrypting the contents of the hard drive. The user is then forced to pay the ransom either to regain access or to have the encryption removed. With encryption, sometimes the user is only given access to a backup which they need to restore themselves, and there are also reported instances where the restored data turns out to be corrupted.

How do ransomware attacks take place?

Ransomware attacks are not normally targeted at specific individuals or businesses; instead, the cybercriminals operate on the belief that if you throw a big enough net into the sea, you will eventually catch a fish.

Their main form of ‘drive-by’ attack is to send out millions of spam emails in the hope that a few unsuspecting individuals will click on the malicious links contained within them. In addition, they set up websites containing malicious code and do their utmost to drive traffic to them – again, spam email plays a part in this.

With vulnerability exploits, the biggest problems at present are caused by vulnerabilities in Adobe Flash and Microsoft Silverlight. While Microsoft has worked hard to patch Silverlight’s vulnerabilities, issues with Flash continue, and this has led to it being cut out of the loop by many web services. Google, for example, no longer uses it on Chrome and will stop displaying Flash advertising next year.

Both of these methods of attack work because businesses and individuals do not manage the risk of ransomware effectively, and this is mainly due to poor staff training, weak software security and slack patch management.

Defending yourself from ransomware

Defend against vulnerabilities in Flash and IE

To reduce your chance of being infected by ransomware, you need to limit your exposure to its channels of attack. For example, you can help prevent infection by ransomware that uses Adobe Flash vulnerabilities by restricting access to Flash. Making sure your company’s computers uninstall IE or MS Edge and replace it with Chrome will certainly reduce the chance of infection via that route. If you do want to continue using Flash, you should set it to ‘click to play’ and install browser ad-blockers to protect against malicious advertising attacks.

Patch management

Patching should also be a vital part of your risk management. You need to ensure that you are using the latest updates for your operating system, whether that is Windows, Mac or Linux, as well as for any applications you are using, especially Adobe Flash and Microsoft Silverlight. For those who find this difficult to achieve on their servers, upgrading to managed hosting with your web host can be the easiest way to ensure that it takes place.

Regular backups – stored offline

Equally important in protecting your system from ransomware is the need for backups. As your entire system can be encrypted, these should include both application and data backups. Ideally, they should be stored offline so that you can still access them if you are ransomed. You should also back up shared files, as these can often be targets of ransomware attacks.

Change settings to show hidden file extensions

Enabling the display of hidden file extensions makes it much easier to identify malicious files in emails, attachments and web links. For example, the ransomware program Cryptolocker is often hidden in a file with the extension .PDF.EXE. It is only when you can see the .EXE part that you can tell you are dealing with an executable program.

Filter executable files in email

Even better than relying on spotting .EXE files in emails is to use a mail scanner that will automatically block or quarantine them – especially files with a suspicious double file extension ending in .EXE (e.g. invoice.docx.exe). Again, the surest way to achieve this is to make sure your service provider offers highly secure email hosting.
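The .PDF.EXE trick from the previous section and the double-extension filter described here, as an added example that is not part of the original article: a name check of the kind a mail scanner applies to attachments. The sample attachment names are constructed for the demo, and the list of executable extensions extends the article's .EXE with other types Windows runs directly.

```powershell
# Added example, not part of the original article: a name check of the kind a
# mail scanner applies to attachments, flagging executables and in particular
# the double-extension trick (invoice.docx.exe, scan.PDF.scr). The sample
# names at the bottom are constructed for the demo.

# Extensions Windows will execute directly when the file is double-clicked.
# The article mentions .exe; the others carry the same risk and are added here.
$ExecutableExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.ps1')

function Get-AttachmentRisk {
    param([Parameter(Mandatory)][string]$Name)

    # Compare case-insensitively: ".EXE" and ".exe" are the same to Windows.
    $parts = $Name.ToLowerInvariant().Split('.')
    if ($parts.Count -lt 2) { return 'ok' }           # no extension at all

    # Only the final extension decides how Windows opens the file; the ones
    # before it ("pdf" in invoice.pdf.exe) are decoration aimed at the user.
    $last = '.' + $parts[-1]
    if ($ExecutableExtensions -notcontains $last) { return 'ok' }

    # Three or more dot-separated parts means a decoy extension precedes the
    # real one. Padding with spaces ("invoice.pdf    .exe") still lands here.
    if ($parts.Count -ge 3) { return 'quarantine: double extension hiding an executable' }
    return 'quarantine: executable attachment'
}

# Constructed sample attachment names.
$samples = 'invoice.docx.exe', 'report.pdf', 'setup.exe', 'scan.PDF.scr',
           'photo.jpg', 'invoice.pdf    .exe', 'README'
foreach ($s in $samples) {
    '{0,-22} {1}' -f $s, (Get-AttachmentRisk -Name $s)
}
```

A name check is only one layer: an executable inside a password-protected archive or a macro-bearing Office document passes it, so it belongs alongside content scanning rather than in place of it.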

Disable files which run from AppData folders

If you do not need to run software from the AppData area, you should consider disabling this function on your computers or servers. This is because some forms of ransomware use the AppData or Local AppData folders to launch themselves.

Disabling this can be done in Windows on individual machines, or, if you have a managed service with your web host, you can ask them to configure their intrusion protection software to achieve the same result.

Disable Remote Desktop Protocol

Remote Desktop Protocol enables remote users to access your computer. It is often used legitimately within organisations so that if a user is having a problem with their computer, IT staff can fix the issue without having to leave their own office.

However, if it is exploited, unauthorised users can also gain control of your computer and install software without your knowledge. This method has been used to install ransomware on computers, so if you do not need it, disable it. You can always turn it on temporarily if you need to give legitimate access over the short term.
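The three Windows settings from the last sections (show file extensions, block execution from AppData, disable RDP) applied on a single machine, as an added example that is not the article's own script. It assumes Windows 10/11 with the NetSecurity module, and it writes the Software Restriction Policy directly to the registry in the layout the Group Policy editor uses rather than going through gpedit.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article. Applies three of its
# Windows hardening steps on one machine. Assumes Windows 10/11 with the
# NetSecurity module; the SRP registry layout below mirrors what gpedit
# writes and is used here instead of the Group Policy editor.

# 1. Show file extensions so that "invoice.pdf.exe" is visible as an .exe.
#    HideFileExt is per user (HKCU); Explorer picks it up on its next start.
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
    -Name 'HideFileExt' -Value 0 -Type DWord

# 2. Disable inbound Remote Desktop (the registry flag plus the firewall rules);
#    re-enable it only for the duration of a legitimate support session.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 1 -Type DWord
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 3. Software Restriction Policy: disallow executables launched from the
#    AppData and Local AppData folders. Level subkey 0 = "Disallowed"; each
#    path rule is a GUID-named subkey holding ItemData (path) and SaferFlags.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'       -Value 0x40000 -Type DWord  # everything else stays Unrestricted
Set-ItemProperty -Path $safer -Name 'TransparentEnabled' -Value 1       -Type DWord  # enforce for all files except DLLs
Set-ItemProperty -Path $safer -Name 'PolicyScope'        -Value 0       -Type DWord  # apply to all users, admins included
$patterns = '%AppData%\*.exe', '%AppData%\*\*.exe',
            '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe'
foreach ($pattern in $patterns) {
    $rule = "$safer\0\Paths\$([guid]::NewGuid().ToString('B'))"
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name 'ItemData'   -Value $pattern -Type ExpandString
    Set-ItemProperty -Path $rule -Name 'SaferFlags' -Value 0        -Type DWord
}

# Read the state back so the script's effect can be checked afterwards.
[pscustomobject]@{
    ExtensionsShown = (Get-ItemPropertyValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt') -eq 0
    RdpDisabled     = (Get-ItemPropertyValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections') -eq 1
    AppDataRules    = (Get-ChildItem "$safer\0\Paths").Count
}
```

Pilot step 3 on a test machine first: per-user installers such as some browsers and chat clients run from AppData and will need Unrestricted (level 0x40000) path exceptions before the policy is rolled out widely.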

Staff training

The single biggest cause of ransomware infection is human behaviour. People are easily tricked into believing that a website is genuine or that the file or link in an email is from a trustworthy source. At the same time, many do not recognise the signs of an attack or know what to do when one happens.

As we can never guarantee 100% that our mail scanners, firewalls, intrusion detection and other filters will block every threat, it is essential that your business has a robust policy on staff training and internet / email use to reduce the risk even further.

Conclusion

Ransomware is a major problem: it can take your business offline, corrupt your data and cost you a great deal of money. Having read this article, you should now have a much clearer understanding of what ransomware is, the routes it uses to infect computers, servers and phones, and what steps you need to take to reduce the risk of infection.

Translated from: https://www.eukhost.com/blog/webhosting/8-ways-to-defend-your-business-from-ransomware-attacks/
