小鎮(zhèn)在網(wǎng)絡(luò)攻擊中避免支付500萬美元的巨額贖金

小鎮(zhèn)在網(wǎng)絡(luò)攻擊中避免支付500萬美元的巨額贖金

When the city of New Bedford, Mass., was hit by a ransomware attack in July, with hackers demanding $5.3 million in bitcoin to release the city's data, town officials tried an old law enforcement tactic to deal with hostage-takers: open dialogue and stall for time.

今年7月，馬薩諸塞州新貝德福德市遭到勒索軟件攻擊，黑客要求用530萬美元的比特幣換取該市的數(shù)據(jù)，該市官員嘗試了一種古老的執(zhí)法策略來對(duì)付劫持者：公開對(duì)話，拖延時(shí)間。

New Bedford's computer network was attacked with Ryuk ransomware on the night of July 4, Mayor John Mitchell told reporters on Wednesday. Because the attack occurred over a holiday and most computers were shut off, the malware spread to just 4% of the city's more than 3,500 computers.That was the first lucky break.

新貝德福德市長約翰·米切爾周三告訴記者，7月4日晚，新貝德福德市的電腦網(wǎng)絡(luò)遭到了流氓勒索軟件的攻擊。由于攻擊發(fā)生在假日期間，大多數(shù)電腦是關(guān)閉的，所以該惡意軟件僅傳播了該市3500多臺(tái)電腦的4%。這是第一次幸運(yùn)的逃過一劫。

After IT personnel discovered the attack the next day, city officials contacted the anonymous hacker through an email address provided and were told to pay the ransom — one of the largest-ever known demands for such an attack — in exchange for a decryption key to unlock the city's data.

第二天，在IT人員發(fā)現(xiàn)攻擊后，市政官員通過被提供的電子郵件地址聯(lián)系了匿名黑客，并被告知支付贖金——這是迄今為止對(duì)此類攻擊已知的最大要求之一——以換取解密密鑰來解鎖該市的數(shù)據(jù)。

Mitchell said he was initially opposed to talking with the attacker, a position most cybersecurity experts recommend. Experts say paying the ransom can encourage hackers to launch other attacks or repeated strikes against a city that paid up.

米切爾說，他最初反對(duì)與攻擊者對(duì)話，這是大多數(shù)網(wǎng)絡(luò)安全專家建議的立場。專家表示，支付贖金可能會(huì)鼓勵(lì)黑客發(fā)動(dòng)其他攻擊，或?qū)χЦ哆^贖金的城市發(fā)動(dòng)多次襲擊。

But Mitchell changed his mind, offering the perpetrator $400,000, using insurance proceeds, because that was about how much other cities had paid in similar circumstances to get their files back. The city's insurance policy covers ransom payments, and Mitchell insisted it would not have come out of taxpayers' pockets.

但米切爾改變了主意，用保險(xiǎn)金支付給作惡者40萬美元，因?yàn)檫@差不多是其他城市在類似情況下為取回他們的文件所支付的金額。該市的保險(xiǎn)單涵蓋了贖金，米切爾堅(jiān)稱這筆錢不會(huì)出自納稅人的口袋。

Even if negotiations were unsuccessful, it would "buy the city time" to strengthen security ahead of another attack and to figure out whether engineers could restore the data without a decryption key, Mitchell said.

米切爾說，即使談判沒有成功，它也會(huì)“為城市爭取時(shí)間”，在另一場攻擊之前加強(qiáng)網(wǎng)絡(luò)安全，并確定工程師們能否在沒有解密密鑰的情況下恢復(fù)數(shù)據(jù)。

The plan worked. While officials were talking to the attacker, the city's IT personnel were able to restore a large portion of the data via backup systems.

這個(gè)計(jì)劃生效了。當(dāng)官員們與攻擊者交談時(shí)，該市的IT人員能夠通過備份系統(tǒng)恢復(fù)大部分?jǐn)?shù)據(jù)。

Since then, city officials have made "tremendous progress" in using backup servers to recover or reconstruct the rest of the data, the mayor said. The city is also implementing new security software and new protocols.

市長說，從那時(shí)起，市政府官員在使用備份服務(wù)器恢復(fù)或重建其余數(shù)據(jù)方面取得了“巨大的進(jìn)展”。該市還在實(shí)施新的安全軟件和協(xié)議。

"Cybersecurity experts were able to remind us that every computer network, however hardened, is always just one keyboard click away from allowing malicious code to slip past its defenses," Mitchell said at the news conference.

米切爾在新聞發(fā)布會(huì)上說:“網(wǎng)絡(luò)安全專家提醒我們，每一個(gè)計(jì)算機(jī)網(wǎng)絡(luò)，無論多么堅(jiān)固，只要點(diǎn)擊一下鍵盤，惡意代碼就會(huì)越過防御系統(tǒng)。”

New Bedford is just the latest municipality to be hit in a string of recent ransomware attacks this year. More than 40 cities and towns have fallen victim to ransomware, including 22 in Texas alone, The New York Times reported. While the government computer systems of Atlanta and Baltimore were infected with these viruses, most of this year's attacks have targeted smaller cities, according to the IT security firm Barracuda.

新貝德福德是今年一系列勒索軟件攻擊中最新一個(gè)受到攻擊的城市。據(jù)《紐約時(shí)報(bào)》報(bào)道，已有40多個(gè)城鎮(zhèn)成為勒索軟件的受害者，僅德克薩斯州就有22個(gè)。據(jù)IT安全公司Barracuda稱，雖然亞特蘭大和巴爾的摩的政府計(jì)算機(jī)系統(tǒng)感染了這些病毒，但今年的大多數(shù)攻擊目標(biāo)都是較小的城市。

Ransomware often spreads through phishing emails that contain harmful attachments.

勒索軟件通常通過含有有害附件的網(wǎng)絡(luò)釣魚電子郵件傳播。

When a similar attack hit Lake City, Fla. — a town of only 12,000 residents — officials paid up because their backup servers were compromised. In that case, the ransom was $460,000 and only $10,000 came out of taxpayer.

佛羅里達(dá)州萊克城(Lake City)也發(fā)生了類似的襲擊，這個(gè)小鎮(zhèn)只有1.2萬居民，該小鎮(zhèn)的官員支付了這筆費(fèi)用，因?yàn)樗麄兊膫溆梅?wù)器遭到了攻擊。在那次事件中，贖金為46萬美元，只有1萬美元來自納稅人。