Ransomware is a coined word combining "ransom" and "software". It is a malicious program whose aim is to demand a ransom, and it is classified as a type of malware. In 2017 the global outbreak of WannaCry made the world aware of the ransomware threat. Since then the damage has shown no sign of abating, with WannaCry variants and attacks delivered via Emotet, whose infections have surged.
Ransomware ranks as the number one threat to organizations in the "10 Major Security Threats 2021" published by the IPA (Information-technology Promotion Agency, Japan). Worldwide ransomware damage in 2020 is said to have reached nearly $20 billion, and damage has occurred from attacks aimed at VPN and other perimeter devices introduced as a means of remote work during the COVID-19 pandemic.
As mentioned above, ransomware is considered a type of malware. Malware itself is a general term for software and programs that perform unauthorized or harmful operations. It is developed for purposes such as stealing personal information, impersonation, theft of money, and serving as a stepping stone for further criminal acts. The representative types of malware are as follows.
Ransomware is malware created to demand a ransom. It deliberately encrypts data on the infected computer or on storage connected to it. A ransom is demanded in exchange for decryption, but there is no guarantee that the data can be restored even if the demand is met.
A Trojan horse is a type of malware named after the Trojan horse of Greek mythology. It enters a PC disguised as something harmless, such as apparently useful software, and then steals data, downloads other malware, and otherwise assists the attack.
A worm is malware that propagates by operating on its own rather than attaching to a particular file. Infection with a worm has various adverse effects, such as degrading the computer's operation. In recent years there have been cases of worms being abused for the mining of cryptocurrency (virtual currency).
A backdoor originally refers to the act of setting up a communication channel for unauthorized operations, but backdoor-type malware is also itself called a backdoor. A backdoor infection leads to further misuse, such as infection with additional malware or the transfer of data about the PC's activity to a C&C server.
Spyware is malware that steals information from the terminal and sends it to the attacker without authorization. If authentication information such as IDs and passwords, or payment information such as credit card details, is leaked, there is a risk of impersonation and financial damage.
Keylogger-type malware monitors and records keyboard input on the terminal and steals information such as passwords.
In recent years these types of malware are often combined in a single attack rather than used on their own.
The main routes of ransomware infection are websites and e-mail, but advertisements, SNS (social networks) and SMS are also used. Methods have grown more sophisticated, and the number of malicious programs that infect through multiple methods and steps is increasing: for example, a downloader that runs after an attachment is opened, infection through JavaScript served by a website, or exploitation of OS and middleware vulnerabilities such as the one known as "EternalBlue".
During the COVID-19 pandemic ransomware attack methods have diversified, with examples such as "Nefilim", which is said to exploit vulnerabilities in RDP (Remote Desktop Protocol). Below, ransomware is organized and introduced by attack method.
The scattershot type infects by sending a wide variety of emails to an unspecified number of recipients and spreads from there. Its approach is close to spam. "WannaCry", which was rampant in 2017, is a scattershot ransomware.
The targeted type is also called a "human-operated ransomware attack" or "system intrusion ransom". It aims at a specific organization, breaks into the company's network, and spreads the infection over that network. Ragnar Locker, which targeted a domestic game company, is a targeted ransomware.
Double extortion is so named because the threat is not limited to the encrypted data: if no deal is reached, the attackers threaten to disclose the data to the whole world. These criminal groups are more malicious than ordinary ransomware operators, for example setting up leak sites on the dark web. "Maze", "Netwalker", and the "Ragnar Locker" described above fall into this category. In recent years further forms of intimidation, such as continuing DDoS attacks until a deal is made, are increasingly added.
RaaS is an acronym for "Ransomware as a Service". Ransomware is becoming established as a dark business, complete with its own ecosystem. Specifically, one criminal group provides the mechanism for launching ransomware attacks, affiliates use it to carry out the actual attacks, and the ransom profits are split between them. DarkSide, which targeted the oil pipeline described later, is one of the criminal groups providing RaaS.
The threat of ransomware is expanding worldwide. Three cases of damage are introduced here.
In May 2020, a major US oil pipeline was attacked by the ransomware criminal group DarkSide. In this attack the group entered the network through the password authentication of the company's old VPN. In less than two hours more than 100 GB of data was stolen, and double extortion followed: a ransom demand together with the threat of information disclosure. Because of the major impact on pipeline operations, the company paid a ransom of about 480 million yen. The authorities' investigation is said to have recovered about half of it, roughly 250 million yen.
In November 2020, a major domestic game company was infected with the ransomware "Ragnar Locker". In this attack, a vulnerability in the company's VPN device was exploited to break into the internal network, after which the ransomware is said to have spread. It has been found that the personal information of about 15,000 people was leaked in this attack.
In June 2020, a major domestic automaker was infected with the ransomware "Ekans (Snake)". The company suffered a worldwide system failure that had a major impact on factory production and shipments. The "Ekans" used in the attack is said to have been customized to target the company.
In recent years ransomware has become organized, and its targets are spreading regardless of company size. The cases introduced above all involve large companies, but every company, large or small, needs to take measures. The following five are typical ransomware countermeasures.
Installing security software is by now a basic measure, but its importance bears recognizing anew. Security software filters suspicious emails and dangerous websites. It also detects and blocks suspicious activity in memory and in the PC's UEFI, as well as behavior suspected of being ransomware. Comprehensive protection of the so-called endpoint area raises the level of safety.
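As an added illustration of the kind of behavioral detection described above (example code written for this page, not a product's detection engine), the following Python script scores constructed file-write events per process on three signals that mass encryption produces together: a burst of writes within a short window, written content whose Shannon entropy approaches 8 bits per byte as ciphertext does, and a changed extension on the rewritten file. The event format, the thresholds and the process IDs are assumptions, and the sample events are constructed.

```python
import math
import os
from collections import defaultdict

# Tunable thresholds (assumptions for this example, not vendor defaults).
WINDOW_SECONDS = 10.0     # how long a burst of writes may span
MIN_FILES = 5             # qualifying writes needed inside one window
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data approaches 8.0

# Constructed sample telemetry, not real data:
# (timestamp in seconds, pid, path before the write, path after the write, bytes written)
CIPHERTEXT_LIKE = bytes(range(256)) * 2   # stands in for encrypted output (entropy exactly 8.0)
SAMPLE_EVENTS = [
    # An editor saving two text files: low entropy, no renames.
    (0.0, 4242, "docs/notes.txt", "docs/notes.txt", b"meeting notes: discuss budget\n" * 4),
    (3.0, 4242, "docs/todo.txt", "docs/todo.txt", b"- renew certs\n- rotate keys\n" * 4),
    # A logger writing six files quickly: a burst, but plaintext and no renames.
    *[(10.0 + 0.5 * i, 6060, f"var/log/app.{i}.log", f"var/log/app.{i}.log",
       b"2021-09-01 INFO request served\n" * 8) for i in range(6)],
    # A suspect process rewriting six documents with ciphertext-like bytes and a new extension.
    *[(20.0 + 0.5 * i, 5150, f"share/report{i}.docx", f"share/report{i}.docx.locked",
       CIPHERTEXT_LIKE) for i in range(6)],
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension_changed(before: str, after: str) -> bool:
    """True when the write left the file with a different extension (e.g. .docx -> .locked)."""
    return os.path.splitext(before)[1].lower() != os.path.splitext(after)[1].lower()


def score_processes(events):
    """Return {pid: summary} for processes whose writes look like mass encryption.

    A process is flagged as soon as one sliding window of WINDOW_SECONDS holds at
    least MIN_FILES writes that are both high-entropy and change the extension.
    Plaintext bursts (log rotation, builds) and lone high-entropy writes are ignored.
    """
    by_pid = defaultdict(list)
    for ts, pid, before, after, data in sorted(events, key=lambda e: e[0]):
        by_pid[pid].append((ts, before, after, data))

    flagged = {}
    for pid, writes in by_pid.items():
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans at most WINDOW_SECONDS.
            while writes[end][0] - writes[start][0] > WINDOW_SECONDS:
                start += 1
            window = writes[start:end + 1]
            if len(window) < MIN_FILES:
                continue
            encrypted_renames = sum(
                1 for _, before, after, data in window
                if shannon_entropy(data) >= ENTROPY_THRESHOLD and extension_changed(before, after)
            )
            if encrypted_renames >= MIN_FILES:
                flagged[pid] = {
                    "files_in_window": len(window),
                    "encrypted_renames": encrypted_renames,
                    "first_seen": window[0][0],
                    "alert_at": window[-1][0],
                }
                break   # alert on the earliest qualifying window, as a live detector would
    return flagged


if __name__ == "__main__":
    for pid, summary in score_processes(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {summary}")
```

Entropy alone is not enough, because archivers and image encoders also write near-8-bit-per-byte data; the script therefore requires the entropy and the extension change on the same files within the same burst. In a real deployment the constructed list would be replaced by a file-system event source, and an alert would suspend the offending process rather than just print it.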
Some ransomware infects through vulnerabilities in the OS and applications. Not only against ransomware, keeping software up to date is one of the most important security measures.
As typified by targeted ransomware, ransomware attacks are highly sophisticated and frequently use social engineering techniques that exploit users' psychological weaknesses. It is therefore necessary to educate employees, for example not to open suspicious emails or carelessly click URLs in email text.
Ransomware encrypts data and demands a ransom, so data should be backed up in preparation for an infection. However, if the backup system is connected to the network at the time of infection, the backup itself may be encrypted. Store backups on a physically separate device or medium, or on a separate network.
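One check a practitioner would add to this backup practice, given here as an added example and not as anything from the original article: record a SHA-256 manifest when the backup is taken, keep it with the offline copy, and verify the backup tree against it before trusting a restore. The Python below builds the manifest, reports missing, modified and unexpected files, and additionally flags modified files whose content looks encrypted, which is exactly the case in which a networked backup was reached by the infection. The directory layout, file contents and the simulated damage are all constructed.

```python
import hashlib
import math
import shutil
import tempfile
from pathlib import Path

ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted or compressed data approaches 8.0


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare a backup tree against the manifest recorded when the backup was taken."""
    report = {"ok": [], "missing": [], "modified": [], "suspect_encrypted": [], "unexpected": []}
    present = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in present:
            report["missing"].append(rel)
        elif present[rel] != digest:
            report["modified"].append(rel)
            # A modified backup file with ciphertext-like content is the signature
            # of ransomware having reached the backup share.
            if shannon_entropy((root / rel).read_bytes()) >= ENTROPY_THRESHOLD:
                report["suspect_encrypted"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(present) - set(manifest))
    return report


def run_demo() -> dict:
    """Constructed scenario: take a backup, record its manifest, then simulate an
    infected host reaching the backup share and rewriting files. Returns the report."""
    base = Path(tempfile.mkdtemp())
    try:
        src, dst = base / "src", base / "backup"
        (src / "letters").mkdir(parents=True)
        (src / "letters" / "contract.txt").write_text("contract draft v3\n" * 20)
        (src / "ledger.csv").write_text("date,amount\n2021-09-01,120\n" * 20)
        (src / "readme.txt").write_text("backup set A\n")
        shutil.copytree(src, dst)
        manifest = build_manifest(dst)   # in practice stored apart from the backup itself

        # Simulated damage (constructed): one file overwritten with ciphertext-like
        # bytes and renamed, one overwritten in place, and one new file dropped.
        (dst / "letters" / "contract.txt").write_bytes(bytes(range(256)) * 4)
        (dst / "letters" / "contract.txt").rename(dst / "letters" / "contract.txt.locked")
        (dst / "ledger.csv").write_bytes(bytes(range(256)) * 4)
        (dst / "README_TO_RESTORE.txt").write_text("constructed note left by the intruder\n")
        return verify_backup(dst, manifest)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The manifest only protects the backup if it is stored where an intruder who can rewrite the backup cannot also rewrite the manifest, for example on the offline medium that holds the copy or in write-once storage; that is the same separation the paragraph above asks for, applied to the integrity record as well as the data.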
In the oil pipeline case mentioned earlier, it was alleged that the old VPN device used password authentication only, so a brute-force attack allowed entry. Beyond the password settings themselves, introducing multi-factor authentication and otherwise strengthening the authentication mechanism is also effective against ransomware.
Ransomware is increasing as a profit-driven criminal activity, in forms such as the targeted type and RaaS. Some criminal groups, such as Sodinokibi (also known as REvil), are targeting Japanese companies. According to material published by the National Police Agency in September 2021, the number of ransomware damage reports in Japan rose from 21 in the second half of 2020 to 61 in the first half of 2021. As the cases above show, damage to domestic companies continues. It goes without saying, but it is too late to regret after the damage is done.
The first step is to take the basic measures against ransomware: updating the OS and software, strengthening security education for employees, and taking backups thoroughly. Then, as needed, use tools such as security software to raise the defenses of the whole organization. Ransomware damage is not only financial; it also means a loss of trust as a company. From the perspective of business continuity, more active initiatives are required regardless of company size.