Security

What you can learn from one cooperative’s ransomware attack

Two men standing in front of computer servers.

Kyle Kurth, left, and Jon Langland spent weeks reinstalling Crystal Valley Cooperative’s servers and computers after a cyberattack in September 2021.

February 24, 2022

When Jon Langland logged into his cooperative work account on a Sunday morning last September, he discovered he hadn’t received the regular morning updates from the co-op’s systems. 

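“At first, I didn’t think anything of it. I thought it was a hardware or vendor issue,” says Langland, IT manager for Crystal Valley Cooperative, based in Mankato, Minnesota. He texted CEO Roger Kienholz and System Administrator Kyle Kurth and drove to the co-op’s data center in downtown Mankato to see if he could troubleshoot the problem.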

Later that day, ominous messages popped up on computer monitors at many of the co-op’s 16 locations and at the data center. “There was a statement saying all of our files have been encrypted, and to get our data back and protect our privacy, we had to click on the file and follow the instructions,” Kienholz recalls.

The Cybersecurity and Infrastructure Security Agency reports the criminal group behind the attack is likely related to a Russian-speaking group the FBI blames for a ransomware attack on Colonial Pipeline a few months earlier. The criminals encrypt networks and data, making them inaccessible, then demand ransoms ranging from $80,000 to $15 million to be paid in cryptocurrency.

Langland and Kienholz didn’t know it then, but Crystal Valley was not alone. That same weekend, a large cooperative in central Iowa was also attacked by the same group, just weeks after the FBI released a warning about ransomware attacks in the food and agriculture sector.

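These attacks are becoming more frequent across all industries, according to the FBI’s Internet Crime Complaint Center. The center received 2,084 ransomware complaints from January to July 31, 2021, a 62% year-over-year increase. In 2020 (the most recent year financial statistics are available), ransomware losses were reported at $29.1 million. And that number includes only ransom payouts, not other costs associated with the attacks.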

A man reads a ransomware message on his computer monitor.
This ominous message (altered for security) appeared on computer monitors at many of the co-op’s 16 locations and the data center.

Cyberattacks can create a logistical nightmare

As the Crystal Valley team soon learned, those costs can be considerable — in both time and money. Kienholz says they decided not to click on the file in the message or respond to the harassing phone calls that followed. “We never found out what the ransom demand was, and we never negotiated with them,” he says. “We decided not to let the bad guys win.”

That hard line meant the company’s network, data and automated systems were inaccessible for weeks. Every automated process had to move immediately to paper and pen — and the timing couldn’t have been worse, says Kienholz, because harvest had just begun.

Crystal Valley grain elevator teams had to hand-write vehicle weights and moisture testing results on paper, causing long delays. The co-op’s automated energy and other businesses were affected, too, requiring handwritten tickets for fuel and propane deliveries and paper instructions for custom applications delivered in person to fertilizer tender drivers.

The co-op’s feed mills, which also rely on automated systems, shut down completely for about 10 days. In a heartening show of support, six neighboring co-ops and six other local companies stepped in to help manufacture and deliver feed.

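“There were poster-sized sticky notes plastered all over the walls because we had to track everything manually,” says Kienholz. “We had to record when a farm needed so many tons of feed, which mill was making it for us, and which trucks would pick it up and deliver it. It was a logistical nightmare.”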

Forensic investigations by the FBI and a cybersecurity recovery firm, both of which assisted Crystal Valley after the attack, were unable to determine whether co-op data had actually been stolen, but Crystal Valley posted a notice on its website and mailed letters to 15,000 owners, customers, suppliers and other business partners to let them know sensitive information may have been compromised.

The investigators determined the cyberattack likely came in through a spare server that had been used for migrating the co-op’s email systems to the cloud several years ago and was still connected to the network. “It got forgotten because it was never really a requirement except for the email migration,” says Langland.

What you can learn from this cyberattack

Crystal Valley operations are largely up and running again after a staggering amount of work, says Kienholz. With help from a company specializing in cyberattack recovery, the co-op team rebuilt systems, isolated parts of its network to make it harder for intruders to reach all data, strengthened passwords and multifactor authentication, reinstalled computers and servers, limited administrative access to various systems and invested in an endpoint detection and response system that monitors for malicious activity.

They’re also doubling down on training employees on cybersecurity measures, even though the entry point for the cyberattack was not an employee account. Combined, the added security measures cost Crystal Valley about $200,000, says Langland. 

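Kienholz says no one is immune to cyberattacks. “We had started to talk to cybersecurity vendors in the months before the attack, but my thinking was, we’re a small company in rural America, so who would be interested in coming after us?” he says. “My thinking has obviously changed a lot since then.”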




Check out the full Winter 2022 C magazine with this article and more.