1. KillDisk variant may bring ransomware into the ICS domain
Title: Destructive KillDisk Malware Turns Into Ransomware
Author: December 28, 2016 By Eduard Kovacs
//BEGIN
A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain.
KillDisk, a malicious component once used in the APT attack behind the Ukrainian power outage, has recently changed its behaviour: instead of deleting files, it now encrypts them and extorts its potential targets. The ransom is not small either, as much as 222 Bitcoin (roughly US$210,000); it looks like they are fishing for big fish.
Ransomware looks set to march into the ICS domain!
//END
Experts pointed out that industrial organizations can be an ideal target for ransomware for several reasons, including the fact that cyber-disruptions can result in physical safety risks and production outages, network operations typically cannot be easily shut down, data backup processes may not cover all the required data, and the employees of industrial organizations might be less aware of cyber threats.
“Enterprises are more likely to quietly pay the ransom because of concerns that going public with cyberattacks will invite greater scrutiny from regulators, and possibly fines (environmental, safety, etc.),” said Phil Neray, VP of industrial cybersecurity at CyberX.
Expert commentary: The ICS domain is nothing like simple personal documents, data, online banking or private information; it is critical infrastructure, usually tied closely to the real economy, so deliberately shutting it down or taking it offline for a long time is unrealistic. Data backups are unlikely to be prompt and complete, and recovery cannot happen instantly. On top of that, cybersecurity awareness in the ICS field lags behind, and many people still hold the view: "mine is an isolated network, it will never be infected by malware, let alone be targeted by ransomware!"
Security experts further point out a weak spot of the ICS domain: if an industrial company is hit by ransomware, most will quietly pay up, because otherwise they risk drawing extra penalties from regulators, even fines (which would certainly cost far more than the ransom itself).
Comment: Against ransomware, we recommend the 3B principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen). [This trick does not seem to work as well in the ICS field; for reference only]