Last updated Thursday, May 9, 2024, 14:48:53 GMT

If you follow cybersecurity, you’ve likely seen one of the many articles written recently on the one-year anniversary of the Colonial Pipeline ransomware attack, which halted the pipeline’s fuel supply for six days, disrupting air and road travel across the southeastern states of the US. The Colonial attack was the biggest cyberattack against US critical infrastructure, making it a game changer in the ransomware space, so it is absolutely worth noting the passage of time and investigating what’s changed since.

This blog will do just that, but I’m going to take a slightly different tack, because I’m also celebrating the report of the Ransomware Task Force (RTF), which gave policymakers 48 recommendations for deterring, disrupting, preparing for, and responding to ransomware attacks. That report was published one week before the Colonial attack.

Last week, I participated in an excellent event to mark the one-year anniversary of the RTF report. During the event, various ransomware experts discussed how the ransomware landscape has evolved over the past year, how government action has shaped it, and what still needs to be done. The Institute for Security and Technology (IST), which convenes and runs the RTF, has issued a summary capturing the key points. This blog provides my take on the question, but it is not exhaustive, and I’d encourage everyone to read the official paper.


Looking back over the past year, in many ways the Colonial attack – along with the ransomware attacks on the Irish Health Service Executive (HSE) and on JBS, the world’s largest meat processing company, all of which occurred during May 2021 – highlighted the exact concerns outlined in the RTF report. Specifically, the RTF had been convened based on the view that the high level of attacks against healthcare and other critical services through the pandemic made ransomware a matter of national security for those countries that are highly targeted.

Given this, one of the most fundamental recommendations of the report was that this be acknowledged and met with a senior leadership and cross-governmental response. The Colonial attack resulted in President Biden addressing the issue of ransomware on national television. We subsequently saw enormous cross-governmental attention on ransomware, with departments including Homeland Security, Treasury, Justice, and State announcing related measures. We’ve also seen both Congress and the White House working on the issue. While the US government has been outspoken in its response, we have seen other governments also focusing on this issue as a priority and working together to amplify the impact of their action.

In June 2021, the Group of Seven (G7) governments of the world’s wealthiest democracies addressed ransomware at their annual summit. The resulting communiqué capturing the group’s commitments includes pledges to work together to address the threat. In October 2021, the White House hosted the governments of 30 nations to discuss ransomware. That event launched the Counter Ransomware Initiative (CRI), committing the participants to collaborate on finding solutions that reduce the ransomware threat. The CRI has identified key themes for further exploration and action, with a similar focus on deterring and disrupting attacks and driving adoption of greater cyber resilience.


This is all heartening to see and strongly aligns with the ethos and recommendations of the RTF report. Digging into more of the detail, there are many further areas of alignment, including the launch of coordinated awareness-raising programs, the imposition of sanctions, reviews of cryptocurrency regulation, and a focus on incident reporting regulation. The RTF provides a great deal more detail on these areas of alignment and the progress that has been made, as well as the areas that need more attention.

This, I believe, is the key point: a great deal of progress has been made, both in terms of building understanding of the problem and in developing alignment and collaboration among stakeholders, yet there is still a huge amount of work to do. The partnerships between multiple governments – and between the public and private sectors – are hugely important for improving our odds against the attackers, but progress won’t happen overnight. It will take time to see the real impact of the measures already taken, and there are further measures still to be identified, developed, and implemented.


We must stay focused and stay engaged, which is not easy when there are so many other demands on governments’ and business leaders’ limited time and resources. The Russia/Ukraine conflict is undoubtedly a very time-consuming area of focus, though expectations that offensive cyber operations would be a key element of the Russian action have perhaps helped increase awareness of the need for cyber resilience. The economic downturn is another huge pressure and will almost certainly reduce critical infrastructure providers’ investments in cybersecurity as the cost of business increases in other areas, leading to budget cuts. While both of these developments may distract governments and business leaders from ransomware, they may also increase ransomware activity as economic deprivation and job scarcity encourage more people to turn to cybercrime to make a living.

According to law enforcement and other government agencies, as well as the cyber insurance sector, reports of ransomware incidents are slowing down or declining. Because of the long-standing lack of consistent incident reporting, it’s hard to put this in context, and while we would very much like it to mean fewer attacks, we can’t say that’s the case. Security researchers report that activity on the dark web seems to be continuing at pace with 2021, a record year for ransomware attacks. It’s possible that the shift in view from law enforcement could be due to fears that involving them will result in regulatory repercussions; reports to insurers could be down due to the introduction of stricter claim requirements.

The key point is that it’s too early to draw conclusions, which is why we need to maintain a focus on the issue and seek out data points and anecdotal evidence to help us understand the impact of the government action taken so far, so we can continue to explore and adjust our approach. Continued focus, continued collaboration, and more data will help ensure we put as much pressure as possible on ransomware actors and on the governments and systems that allow them to flourish. That is how, over time, we will make progress on ransomware prevention.


