How one company refused to let cyberattackers win
In March 2019, the day after Hilde Merete Aasheim was appointed CEO of Norsk Hydro, an aluminum and renewable-energy production company that produces enough energy in Norway for 900,000 homes per year, she received a call at 4 a.m. "We are under a severe cyberattack. You have to come to work," Aasheim recalls a colleague on the other end of the line telling her. "This is not a drill."
Critical infrastructure systems around the globe have become a favorite target of hacker organizations. Last May's attack on Colonial Pipeline, a major oil provider on the East Coast of the U.S., showed not only how brittle corporate cybersecurity standards can be but also that integral businesses can potentially be extorted into paying ransoms. (Colonial Pipeline paid the attackers $4.4 million, though much of the money was later recovered by the U.S. government.)
But paying a ransom "offers no assurance that a victim organization will regain access to their data or have their stolen data returned," says Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which assists companies caught up in ransomware incidents. "Ransomware is a criminal economy—and as long as victims are paying ransom, we can expect these criminal groups to be further incentivized to conduct ongoing attacks."
The attack against Hydro infected its global network of nearly 3,000 computers and encrypted key areas of the company's IT network. It stalled production in most of its manufacturing facilities. But paying the hackers to regain access could have left the company with a compromised system—and receptive to another attack. "There was never the option to pay any ransom," says Aasheim. So Hydro shut down its network and took up the task of removing the virus from the equation altogether.