
What you can learn from one co-op’s ransomware attack

Two men stand in front of computer servers.

Kyle Kurth, left, and Jon Langland spent weeks reinstalling Crystal Valley Cooperative's servers and computers after the September 2021 cyberattack.

Feb 24, 2022

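One Sunday morning last September, Jon Langland logged in to his co-op work account and found he had not received the update messages the co-op's systems send every morning.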

“Initially, I didn’t think anything of it. I presumed it was a hardware or provider issue,” says Langland, IT manager for Crystal Valley Cooperative, based in Mankato, Minn. He texted CEO Roger Kienholz and systems administrator Kyle Kurth, then drove to the co-op's data center in downtown Mankato to see whether he could fix the problem.

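Later that day, ominous messages popped up on computer monitors at many of the co-op's 16 locations and in the data center. “There was a statement that all of our files had been encrypted, and to get our data back and keep our privacy safe, we must click on a file and follow the instructions,” recalls Kienholz.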

The U.S. Cybersecurity and Infrastructure Security Agency reported that the criminal organization behind the attack may be linked to a Russian-speaking group that the FBI blamed for the ransomware attack on Colonial Pipeline a few months earlier. The criminals encrypt networks and data, making them inaccessible, then demand ransom payments ranging from $80,000 to $15 million, to be paid in cryptocurrency.

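Langland and Kienholz didn't know it at the time, but Crystal Valley was not alone. That same weekend, a large co-op in central Iowa was attacked by the same group, and just a few weeks earlier the FBI had issued a warning about ransomware attacks on the food and agriculture sector.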

These attacks have become more frequent across all industries, according to the FBI Internet Crime Complaint Center. The center received 2,084 ransomware complaints from January to July 31, 2021, a 62% year-over-year increase. In 2020 (the most recent year for which financial statistics are available), companies reported ransomware losses of $29.1 million. And that figure includes only ransom payments, not the other costs associated with an attack.

A man reads a ransomware message on his computer monitor.

Cyberattacks can cause logistical nightmares 

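As the Crystal Valley team soon learned, those costs are considerable in both time and money. Kienholz says they decided not to click on the file in the message or respond to the harassing phone calls that followed. “We never found out what the ransom demand was and never negotiated with them,” he says. “We decided we weren’t going to let the bad guys win.”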

Drawing that hard line meant the company’s networks, data and automated systems were inaccessible for weeks. Every automated process had to move to pen and paper immediately, and the timing couldn't have been worse, says Kienholz, with harvest just beginning.

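Crystal Valley's grain elevator teams had to handwrite vehicle weights and moisture test results on paper, causing long delays. The co-op's automated business and agronomy operations were affected, too, with fuel and propane deliveries requiring handwritten tickets and custom applications requiring paper instructions delivered in person to fertilizer tender drivers.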

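The co-op's feed milling operations, which also depend on automated systems, shut down completely for about 10 days. In a heartening show of support, six neighboring co-ops and six other local businesses stepped in to help produce and deliver feed.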

“The walls were covered with poster-sized sticky notes because we had to track everything manually,” says Kienholz. “We had to record when a farm needed so many tons of feed, which mill was making it for us, and which trucks would pick up the feed and deliver it. It was a logistical nightmare.”

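Forensic investigations by the FBI and a cybersecurity recovery company, both of which assisted Crystal Valley after the attack, could not determine whether the co-op's data had actually been stolen, but Crystal Valley posted a notice on its website and sent letters to 15,000 owners, customers, vendors and other business partners to let them know that sensitive information may have been compromised.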

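Investigators determined that the cyberattack most likely came through a spare server that had been used several years earlier to migrate the co-op's email system to the cloud and was still connected to the network. “It was forgotten about because it was never really a requirement beyond the email migration,” says Langland.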

What you can learn from the cyberattack 

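After a great deal of work, Crystal Valley's operations are largely back to normal, says Kienholz. With the help of a company specializing in cyberattack recovery, the co-op team rebuilt systems, segmented parts of its network to make it harder for an intruder to reach all of the data, strengthened passwords and multifactor authentication, reinstalled computers and servers, limited administrative access to various systems and invested in an endpoint detection and response system that monitors for malicious activity.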

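They also stepped up employee training on cybersecurity practices, even though the entry point for the cyberattack was not an employee account. Langland says these additional security measures cost Crystal Valley about $200,000 in total.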

No one is immune to cyberattacks, says Kienholz. “We had started talks with a cybersecurity vendor in the months before the attack, but my mindset was that we’re a small company in rural America, so who would possibly be interested in messing with us?” he says. “My mind obviously has changed considerably since then.”

Check out the full Winter 2022 issue of C magazine with this article and more.