US IT management software vendor Kaseya hit by hackers, 1,500 downstream enterprises affected: how can small and medium-sized enterprises guard against ransomware?
2022-06-24 07:07:00 【Tencent security】
On July 2, the US IT management software vendor Kaseya was attacked by hackers. The gang used a 0-day vulnerability in Kaseya's remote monitoring and management product, VSA, to push ransomware to end users.
The hackers later claimed on the dark web that their malware had infected more than one million systems, and demanded a total of $70 million in bitcoin from all victims in exchange for a "universal decryptor" to restore their files.
Kaseya said on Monday that about 50 customers were directly affected. However, many of Kaseya's customers are managed service providers that run IT services for other businesses, so roughly 1,500 enterprises were actually affected. So far no malicious modification of the product's source code has been found.
REvil on a crime spree: $200 million extorted in three months
The attack came from REvil, one of the world's most notorious ransomware gangs. In May, Colonial Pipeline, the largest fuel pipeline operator in the United States, suffered a ransomware attack that shocked the world and led 17 eastern states and Washington, D.C. to declare a state of emergency; that incident is also closely tied to REvil. According to security researchers, the DarkSide ransomware that hit Colonial Pipeline was developed on the basis of REvil.
REvil ransomware, also known as Sodinokibi, first appeared in April 2019 and routinely extorts tens of millions of dollars from the enterprises it attacks. According to statistics from the Tencent Security Threat Intelligence Center, the group has stepped up its attacks noticeably since 2021 and targets high-value victims such as multinational enterprises and national critical infrastructure:
- March 2021: the gang attacked Acer and demanded a $50 million ransom;
- April 2021: shortly before Apple's new product launch, it attacked Apple supplier Huanxu Electronics, threatened to leak Apple design documents in advance, and demanded $50 million;
- May 2021: Colonial Pipeline, the largest oil pipeline company in the United States, was hit by the REvil-derived DarkSide ransomware and paid a ransom of more than $4 million;
- May 2021: Japan's Fuji Corporation suffered a ransomware attack and took its website offline; fortunately the company restored its systems from backups. The attack is said to be REvil's "masterpiece";
- June 2021: JBS, the world's largest meat supplier, was hit by ransomware, again from REvil; JBS announced it had paid $11 million to restore its systems;
- June 2021: US nuclear contractor Sol Oriens became another REvil victim.
This time the gang targeted the software vendor Kaseya, triggering a chain reaction among enterprises downstream in the supply chain. The Swedish grocery chain Coop alone was forced to close hundreds of stores because its PoS supplier used software from a Kaseya customer. The incident made people realize how frightening the impact of a software supply chain attack can be.
Rather than paying a ransom, defend proactively in advance
Recent events show that although hackers' primary targets are high-value ones such as large enterprises and critical infrastructure, downstream SMEs can also be hit in the course of an attack. As industrial digitalization accelerates, data is becoming a core factor of production for enterprises of every size, and the value of that data keeps growing.
At the same time, ransomware uses strong encryption and decryption is costly; ransoms are paid in cryptocurrency, which can be cashed out quickly and is hard to trace; and ransomware-as-a-service lets attackers with no technical knowledge run extortion campaigns for a small rental fee, which greatly lowers the barrier to entry and has driven the large-scale outbreak of ransomware.
Facing these growing security risks, how should small and medium-sized enterprises prepare?
1. Raise the enterprise's security awareness
Whether boss or employee, everyone should pay attention to network security measures and take precautions in advance.
The Ransomware Trends and Protection Recommendations Report for the First Half of 2021 divides the spread of ransomware into six vectors: weak-password attacks, USB-drive worms, software supply chain attacks, system and software vulnerabilities, fileless attack techniques, and RaaS. It follows that doing protection work in advance can greatly reduce the probability of being hit.
Tencent security experts recommend that enterprises follow the "three don'ts, three musts" principle to build a defense system in advance.
2. The cloud is the best way to balance security and cost
For small and medium-sized enterprises that lack both a security budget and security talent, deploying their business on a secure cloud and using the cloud-native SaaS security services provided by the cloud provider is the best choice for balancing cost and security.
Generally speaking, to protect effectively against ransomware an enterprise needs to identify potential vulnerability risks proactively from the angles of vulnerability management, high-risk ports and baseline inspection, build a security perimeter, and realize active defense through a virus scanning and removal engine. It also needs to back up data in advance so that it can recover and decrypt data afterwards and effectively reduce losses.
So on the one hand, enterprises should take care of basic security hardening, for example securing the default configuration of the base operating system (high-risk service ports, password policy and so on) and reducing exposed risk assets; on the other hand, they should keep up with the latest security developments, collect threat intelligence, and upgrade and adjust their protection to match the external environment; at the same time, they should watch for the hidden dangers and risks introduced by people, conduct regular log audits of internal business and operations, and promptly discover leaks of sensitive information caused by human negligence.
For many SMEs that need to focus on developing and growing their business, these complex processes require a large professional team and a lot of money, and security upgrades may slow the pace of business. The cloud can effectively balance the tension between business development, cost and security level.
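The baseline inspection described above, as an added example that is not part of the original article and not Tencent Cloud's own check: it runs three of the checks the text names (high-risk service ports exposed to the internet, a weak password policy, and backups that are missing or stale) over a small constructed asset inventory. The port list, the thresholds and the sample hosts are assumptions chosen for illustration.

```python
"""Baseline inspection example (constructed, not from the article).

Flags the hardening gaps the article lists for a small constructed inventory:
high-risk service ports exposed to the internet, a weak password policy and
missing or stale backups.  Port list and thresholds are assumptions."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Services that ransomware operators commonly reach through weak passwords or
# unpatched software; exposing them directly to the internet is a finding.
HIGH_RISK_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 3306: "MySQL",
                   1433: "MSSQL", 6379: "Redis", 5900: "VNC"}

MIN_PASSWORD_LENGTH = 12   # assumed policy threshold
MAX_BACKUP_AGE_DAYS = 7    # assumed recovery-point threshold


@dataclass
class Host:
    name: str
    internet_ports: List[int]       # TCP ports reachable from the internet
    min_password_len: int           # configured minimum password length
    lockout_threshold: int          # 0 means no account lockout configured
    last_backup: Optional[date]     # None means never backed up


def inspect_host(host: Host, today: date) -> List[str]:
    """Return one finding per baseline deviation; an empty list means the host passes."""
    findings = []
    for port in host.internet_ports:
        if port in HIGH_RISK_PORTS:
            findings.append(f"{host.name}: {HIGH_RISK_PORTS[port]} (tcp/{port}) exposed to the internet")
    if host.min_password_len < MIN_PASSWORD_LENGTH:
        findings.append(f"{host.name}: password minimum length {host.min_password_len} < {MIN_PASSWORD_LENGTH}")
    if host.lockout_threshold == 0:
        findings.append(f"{host.name}: no account lockout, brute forcing is unthrottled")
    if host.last_backup is None:
        findings.append(f"{host.name}: no backup on record")
    else:
        age = (today - host.last_backup).days
        if age > MAX_BACKUP_AGE_DAYS:
            findings.append(f"{host.name}: last backup is {age} days old")
    return findings


def inspect_inventory(hosts: List[Host], today: date) -> Dict[str, List[str]]:
    """Inspect every host and map its name to its findings."""
    return {h.name: inspect_host(h, today) for h in hosts}


# Constructed sample inventory and inspection date (assumptions).
TODAY = date(2021, 7, 2)
SAMPLE_HOSTS = [
    Host("web-01", [80, 443], 14, 5, date(2021, 7, 1)),       # hardened, backed up yesterday
    Host("file-01", [445, 3389], 8, 0, date(2021, 5, 20)),    # SMB/RDP exposed, weak policy, stale backup
    Host("db-01", [3306], 12, 5, None),                       # database exposed, never backed up
]


def run_sample() -> Dict[str, List[str]]:
    """Inspect the constructed inventory; used by the demo below."""
    return inspect_inventory(SAMPLE_HOSTS, TODAY)


if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

In practice the inventory would come from a port scan of the public address range and from the hosts' own policy settings; the point of the check is that each finding maps to one of the ransomware entry vectors the article lists (weak passwords, exposed services, no recovery path).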
Take Weipaitang, a leading entertainment e-commerce company, as an example. Weipaitang is a medium-sized enterprise with more than 1,000 employees whose business is in a stage of rapid growth. The e-commerce industry holds a great deal of high-value data such as user information, and there is no room for error with such data. Yet, facing a constantly changing security environment, it is very hard for a company in rapid growth to keep watching external factors, slow down development and make security adjustments for every change, both in terms of the manpower of a professional team and its cost.
So Weipaitang chose to put its servers on the cloud. "The security products on Tencent Cloud are always sensitive to changes in the environment and respond actively," said Zhang Huawei, head of Weipaitang's R&D center. "For example, when there is intelligence that a component has a vulnerability that hackers are exploiting, the cloud prompts users to upgrade in time and gives a solution." In this way, enterprises can rely on the protective capability of the cloud to quickly build their own security system and reach a relatively safe level.
Tencent continues to provide tenants with cloud-native security products such as SOC, cloud WAF and cloud firewall. After moving to the cloud, customers can choose the security products that fit their business, switch them on or off with one click and pay as they go, which markedly reduces the cost of security deployment, removes the barrier to security operations and raises the overall security baseline. Currently Tencent Cloud's vulnerability intelligence covers hundreds of intelligence sources; it can locate new security vulnerabilities and their scope of impact within minutes and complete network-wide vulnerability handling within a day.
3. Deploy security defenses using the zero trust concept
"Zero trust" is one of the most talked-about terms in the security community. Zero trust means "continuous verification, never trust": the network treats every login request the same way and trusts none of them unless the visitor satisfies the rules set by the platform, namely a trusted user, a trusted application, a trusted device and a trusted link.
When an attacker compromises an endpoint and tries to break into the core systems of the network, the zero trust mechanism confines the compromised system to a very small area, making lateral movement in the intranet difficult, so a ransomware infection cannot lead to the takeover of the entire enterprise business system and huge losses are avoided.
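The zero trust decision described in this section, as an added example that is not part of the original article and not any vendor's product logic: each request is evaluated from scratch against the four signals the text names (user, application, device, link), and a single failed signal denies access. The policy table, the posture attributes and the sample requests are constructed assumptions; the second scenario models the case above, where a valid credential reached from a compromised endpoint is still stopped because the device and link signals do not hold up.

```python
"""Zero trust access decision example (constructed, not from the article).

Every request is evaluated independently ("continuous verification") against
four signals: trusted user, trusted application, trusted device, trusted link.
Policy, signal names and scenarios are assumptions for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    role: str                   # role asserted by the identity provider
    app: str                    # client application making the request
    device_managed: bool        # device enrolled in management
    device_edr_running: bool    # endpoint protection agent alive
    device_disk_encrypted: bool
    link_mtls: bool             # connection mutually authenticated
    resource: str               # target system being accessed


# Per-resource policy (constructed): which roles and apps may reach it.
# Device posture and link requirements apply to every resource.
POLICY: Dict[str, Dict[str, List[str]]] = {
    "core-db": {"roles": ["dba"], "apps": ["db-console"]},
    "file-share": {"roles": ["staff", "dba"], "apps": ["file-client"]},
}


def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons).  Reasons list every failed signal so a denial
    explains itself; an allowed request carries an empty list.  No state is
    kept between calls, so a previously allowed session earns no trust."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, [f"no policy for resource {req.resource}: default deny"]
    reasons = []
    if req.role not in rule["roles"]:
        reasons.append("untrusted user: role not permitted for resource")
    if req.app not in rule["apps"]:
        reasons.append("untrusted application: app not permitted for resource")
    if not (req.device_managed and req.device_edr_running and req.device_disk_encrypted):
        reasons.append("untrusted device: posture check failed")
    if not req.link_mtls:
        reasons.append("untrusted link: connection not mutually authenticated")
    return (not reasons), reasons


# Constructed scenarios.  The second one is the article's case: a valid DBA
# credential used from a compromised endpoint with an unknown client, an
# unmanaged device and an unauthenticated link.
SCENARIOS: Dict[str, Request] = {
    "dba from managed laptop":
        Request("alice", "dba", "db-console", True, True, True, True, "core-db"),
    "stolen dba credential from compromised endpoint":
        Request("alice", "dba", "unknown-binary", False, False, False, False, "core-db"),
    "staff member opening file share":
        Request("bob", "staff", "file-client", True, True, True, True, "file-share"),
    "staff member reaching for core db":
        Request("bob", "staff", "db-console", True, True, True, True, "core-db"),
}


def run_scenarios() -> Dict[str, Tuple[bool, List[str]]]:
    """Evaluate every constructed scenario; used by the demo below."""
    return {name: evaluate(req) for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in run_scenarios().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
        for reason in reasons:
            print("  -", reason)
```

The denial reasons are what a defender wants logged: a burst of "untrusted device" or "untrusted link" denials for an otherwise valid account is exactly the lateral-movement attempt the article describes, and it surfaces before any core system is touched.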