First WannaCry, now Petya: staying secure against mass ransomware attacks

Just a month after the sweeping WannaCry attacks, we now see a new ransomware threat, a Petya variant, causing havoc across the globe. As is usual with these kinds of attacks, users find themselves staring at a ransom screen informing them that their data has been encrypted and that they need to pay $300 in order to get the key that will unlock it.

The odd thing this time is that cybercrime analysts suspect the ransomware was unleashed as a deliberate attack on Ukraine, which suffered 60% of all infections, including attacks on its power supplier, on Kiev airport and on the radiation monitoring systems at the Chernobyl nuclear plant.

Whether it was a deliberate attack or not, that does not change the fact that the virus has spread to organisations in many other countries. In the UK the advertising agency WPP was affected, as were Russia's largest oil company, Rosneft, the Danish shipping company Maersk and the pharmaceuticals company Merck.

Petya and WannaCry using the same routes

One of the biggest concerns about Petya is that it exploits the same vulnerability that WannaCry used. Both spread between Windows systems through a flaw in the SMB (Server Message Block) file-sharing protocol, using exploit code stolen from the US National Security Agency and leaked on the internet. The Petya variant did not rely on that flaw alone: it also harvested administrator credentials from each machine it infected and reused them with standard Windows remote-administration tools, which is how it reached hosts that had already been patched.

The fact that hackers could so easily raid the USA's equivalent of GCHQ tells us a great deal about the state of the world's cyber security. The more worrying thing is that the tools created by the NSA are now available online for ransomware developers to use at will. This means it is unlikely that WannaCry and Petya will be the only two ransomware families to use them. There may be worse to come.

Urgent need to upgrade systems

Fortunately, many systems are not vulnerable to the exploit that WannaCry and Petya used. The SMB vulnerability exists only on Windows systems that have not installed Microsoft's fix, MS17-010; those at risk are the organisations that have not kept their systems updated. Microsoft released that patch eight weeks before the WannaCry outbreak, and those who applied it were unharmed by the worm. Versions of Windows that were already out of support, such as XP and Server 2003, only received a fix once WannaCry was spreading.

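The two conditions behind the worm-style spread described above are checkable on every Windows host: is SMBv1 still enabled, and is the MS17-010 fix present? The following PowerShell audit is an added example, not code from the original article or from eukhost; run it in an elevated session. It covers only the SMB exploit route, not the Petya variant's credential-based spread, so a "clean" result here does not mean a host is safe from a compromised administrator account on the same network. The KB numbers are the March 2017 MS17-010 security-only and monthly-rollup IDs for Windows 7/2008 R2, 8.1/2012 R2 and 2012 plus the out-of-band KB for XP, 2003, Vista and 8; later cumulative updates supersede them, so a missing KB is a prompt to check the srv.sys version against the bulletin rather than proof of exposure. The SMB1 registry value, the `sc.exe` client-side commands and the KB list are the assumptions this example makes.

```powershell
# Added example (not from the original article): audit a Windows host for the
# two conditions that let WannaCry and the Petya variant spread as a worm --
# SMBv1 still enabled and the MS17-010 fix absent -- and offer remediation.
# Run from an elevated PowerShell session.

# MS17-010 KB IDs (assumption: March 2017 security-only / monthly rollups and
# the out-of-band KB for unsupported versions). Later rollups supersede these,
# so absence from Get-HotFix is a warning, not a verdict.
$ms17010Kbs = @('KB4012212', 'KB4012215',   # Windows 7 SP1 / Server 2008 R2
                'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
                'KB4012214', 'KB4012217',   # Server 2012
                'KB4012598')                # XP / 2003 / Vista / 2008 / 8

function Test-SmbV1Enabled {
    # Windows 8 / Server 2012 and later expose the server-side switch directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: LanmanServer\Parameters\SMB1. No value means the default,
    # which is enabled; only an explicit 0 disables the protocol.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Test-Ms17010Installed {
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID
    foreach ($kb in $ms17010Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Get-SrvDriverVersion {
    # srv.sys implements the SMBv1 server; its file version is what the
    # MS17-010 bulletin lists, so report it for a manual comparison.
    (Get-Item "$env:SystemRoot\System32\drivers\srv.sys").VersionInfo.FileVersion
}

function Disable-SmbV1 {
    # Server side: stop answering SMBv1. Takes effect immediately on 8/2012+,
    # older systems need the LanmanServer service (or the host) restarted.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Client side: drop the mrxsmb10 dependency so this host will not speak
    # SMBv1 to a malicious server either.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

$smb1    = Test-SmbV1Enabled
$patched = Test-Ms17010Installed
'{0}: SMBv1 enabled = {1}; MS17-010 KB present = {2}; srv.sys = {3}' -f `
    $env:COMPUTERNAME, $smb1, $patched, (Get-SrvDriverVersion)

if ($smb1) {
    Write-Warning 'SMBv1 is enabled. Disable it unless an inventoried legacy device still needs it.'
    # Disable-SmbV1   # uncomment to remediate on this host
}
if (-not $patched) {
    Write-Warning 'No MS17-010 KB in Get-HotFix; compare the srv.sys version with the bulletin or your cumulative update level.'
}
```

Disabling SMBv1 is the durable fix: it removes the attack surface whether or not the next exploit happens to be patched, and any device that breaks when it is switched off is exactly the legacy system the attackers are counting on.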
The organisations which remain vulnerable are those whose business needs prevent them from upgrading their systems, and those which are complacent. These are the organisations the attackers are targeting, and the targeting is deliberate: sophisticated criminal gangs look specifically for companies which find it difficult to upgrade because they cannot tolerate any downtime.

As for the future, new ransomware may exploit a much wider range of vulnerabilities. Just because you are immune to WannaCry or Petya does not mean you will be immune to the next big attack. As a matter of policy, software updates should be applied as soon as possible after a patch is released.

You cannot rely on antivirus alone

What makes ransomware even more challenging is that the malware is designed to be stealthy: by the article's count, only 30% of antivirus programs were sophisticated enough to detect WannaCry. This is because cybercriminals analyse the signatures antivirus software looks for and then adapt their ransomware so that those signatures no longer match.

When an antivirus vendor finally releases an update that does detect the ransomware, the cybercriminals study that update to learn what was detected and make further cloaking modifications. For this reason, antivirus software cannot be the only means of protection you use.

Train your employees

The biggest cause of ransomware infection in general is staff clicking on malicious links in emails, visiting malicious sites or clicking on malicious advertisements. The vast majority of this is unintentional and comes down to plain ignorance about how malware is transmitted. WannaCry and this Petya variant are the exception: both spread from machine to machine over the network without anyone clicking anything, which is why patching and network hygiene matter as much as training.

Training your staff in cyber security is essential and can massively reduce the risk of infection. Staff need to know how to recognise suspicious emails, fake hyperlinks, dodgy websites and malicious social media posts, and they also need training on how to use the internet and email safely. In addition, you should update your Acceptable Use Policy to make sure procedures for using IT are up to date with current threats.

It is not only staff who can make your system vulnerable. Anyone who has access to your network, such as business partners, consultants or clients, can open a door to an attacker. Make sure these people and organisations comply with your security procedures and have access to the essential training.

Share data responsibly

Most organisations regularly share data with external partners as part of their day-to-day operations. To keep these exchanges secure, any data sent or received should be encrypted in transit, scanned for malware and protected by authentication before the recipient can access it. Weak data-sharing practices have led to many attacks on businesses, especially phishing, CEO fraud and ransomware.

One particular concern is letting attackers gain access to your FTP platform, from where they can launch ransomware attacks from inside the network. To prevent this, use highly secure data-sharing methods, for example a secure managed file transfer system, rather than plain FTP.

Conclusion

WannaCry and Petya have once again shown us the damage that ransomware can do. If you are the victim, there is the expense of restoring your systems, the loss of revenue through downtime and the cost of reputational damage. Even worse is the impact on those who rely on you. These two ransomware packages have been responsible for power cuts, A&E closures, airport delays and even the suspension of radiation monitoring at Chernobyl.

Sooner or later, governments are going to demand that organisations be held accountable for loss, damage or injury caused by failing to update and patch software or to put stringent security measures in place. There will be new compliance regulations, and injury lawyers will have a field day with negligence claims.

Hopefully, from reading this article, you can see the real threats that ransomware poses and will have a better understanding of how to safeguard against them.

If you are looking for highly secure hosting for your organisation, contact us on 0800 862 0380 and we will be happy to discuss how we can keep your system safe and help you stay compliant.

Translated from: https://www.eukhost.com/blog/webhosting/first-wannacry-now-petya-staying-secure-against-mass-ransomware-attacks/
