Book recommendation: the history of ransomware and the hunting team

This week's close reading is a TE book review, of a book about ransomware.

Do you still remember the once "famous" ransomware incidents?

How "powerful" is ransomware? It has even broken into the government networks of many countries.

Cybercrime

The ransomware business is complicated, ruthless and growing fast

Ransomware activity is complicated and ruthless, yet it is growing fast.

Renee Dudley and Daniel Golden have written a useful guide to the subject

The Ransomware Hunting Team. By Renee Dudley and Daniel Golden. Farrar, Straus and Giroux; 368 pages; $30 and £23.99

The book is titled The Ransomware Hunting Team, which can provisionally be translated into Chinese as 《勒索软件猎杀小组》.

ON JULY 16TH 2019 Teiranni Kidd, heavily pregnant, was admitted to hospital in Alabama. Unbeknown to her, the hospital had been hit with a ransomware attack—a malicious program had scrambled its computers, and the attackers were demanding money to restore them. With its systems down, medics were forced to rely on pen and paper to get their jobs done. In a subsequent lawsuit Ms Kidd alleges that, because of this, nobody noticed her daughter’s birth was going badly. The baby was eventually born with severe brain damage caused by a lack of oxygen during the delivery, and died nine months later.

On July 16th 2019, a woman in late pregnancy named Teiranni Kidd went to a hospital in Alabama. Unknown to her, the hospital's network had already been hit by a ransomware attack (a piece of malicious software that disrupts computers and restores the system only once the attackers have been paid a ransom).

With its working systems hacked, all of the hospital's admission records and the like could only be kept by nurses with pen and paper.

In the subsequent lawsuit, Ms Kidd alleges that, because the hospital's systems had been hacked, nobody noticed that things were going badly during her delivery. In the end, her newborn daughter suffered severe brain damage from a lack of oxygen during the birth and died nine months later.

Over the past decade ransomware attacks have spread like knotweed. Alabama’s hospitals are not the only ones to have been affected. When Britain’s National Health Service was hit in 2017 more than a third of the country’s hospital trusts were compromised. In 2021 a big American oil pipeline was crippled, leading to a declaration of emergency in 17 states and Washington, DC. Train services, ports and even entire cities have been affected, as have millions of ordinary people who have seen family photographs, work projects and private documents held hostage by attackers.

Over the past decade ransomware has spread like weeds. Alabama's hospitals are not the only institutions to have suffered such attacks. When Britain's National Health Service was attacked in 2017, more than a third of the country's hospitals gave in and paid the ransom.

In 2021 a big American oil pipeline was paralysed, leading 17 states and Washington, DC to declare a state of emergency (this refers to May 7th 2021, when Colonial Pipeline, a major American operator of refined-product pipelines, suffered a ransomware attack and shut down its four main refined-product trunk lines).

Trains, ports and even entire cities have been affected, and millions of ordinary households have found their family photographs, work plans and private documents held hostage by hackers.

Though the general idea is easy to grasp—criminals encrypt the target’s files, then ask for money to decrypt them again—the nuts and bolts of cybercrime are often baffling to the uninitiated. Renee Dudley and Daniel Golden, a pair of journalists, have written a good introduction to the subject. They focus as much on people as on the computers. Their book is named after a group of volunteers who try to fight back against hackers.

Although the idea is not hard to grasp (criminals encrypt the target's files and then demand payment to decrypt them), to the general public this kind of cybercrime remains baffling.

Ransomware makes use of cryptography, the same mathematical technique that protects credit-card data and instant messages from prying eyes as they are transmitted across the internet. Done properly, files scrambled by ransomware are unrecoverable unless you pay the hackers for a long alphanumeric key. But programming is only rarely done perfectly, and almost all software is full of bugs. Attackers exploit them to infect machines; ransomware code, in turn, often contains faults. The ransomware-hunters can sometimes find those chinks in its digital armour, allowing victims to retrieve their files without paying.

Ransomware makes use of the same mathematical technique that protects credit-card data and instant messages: cryptography (that is, the technique that keeps users' transfers over the network from being snooped on). Done well, files attacked by ransomware cannot be recovered unless you pay the hackers for the long key they hold.

But even the most careful work has a gap. Almost all software has bugs, and that includes ransomware. Attackers exploit bugs to attack their targets; conversely, ransomware code has bugs of its own.

Members of the ransomware hunting team can sometimes find these bugs in the software, and so help victims retrieve their files without paying a penny.
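As an added illustration (not code from the review, the book or any real ransomware or hunter tool), here is a hypothetical, deliberately weak file-encryption scheme of the kind whose "chinks" the hunters look for: it derives its keystream from a non-cryptographic PRNG seeded with the infection timestamp, so a decryptor only has to try the timestamps in a plausible window against a file header it already knows. The scheme, KNOWN_PREFIX, SAMPLE_FILE and the timestamp are all constructed for this example; the last function shows the contrast with a key drawn from the operating system's CSPRNG, which leaves no seed window to search.

```python
import random
import secrets
from typing import Optional

# Constructed sample: the PNG header every analyst knows, plus a fake payload.
KNOWN_PREFIX = b"\x89PNG\r\n\x1a\n"
SAMPLE_FILE = KNOWN_PREFIX + b"constructed image payload, not a real PNG body"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_keystream(seed: int, length: int) -> bytes:
    """The flaw: keystream from a non-cryptographic PRNG seeded with a guessable value."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def flawed_encrypt(data: bytes, infection_time: int) -> bytes:
    """Hypothetical scheme: all key material comes from the infection timestamp."""
    return xor_bytes(data, weak_keystream(infection_time, len(data)))


def recover_seed(ciphertext: bytes, window_start: int, window_end: int) -> Optional[int]:
    """Hunter's decryptor: try each candidate timestamp and check the known header."""
    n = len(KNOWN_PREFIX)
    for seed in range(window_start, window_end):
        if xor_bytes(ciphertext[:n], weak_keystream(seed, n)) == KNOWN_PREFIX:
            return seed
    return None


def recover_file(ciphertext: bytes, window_start: int, window_end: int) -> Optional[bytes]:
    """Decrypt without paying: find the seed, regenerate the keystream (XOR is its own inverse)."""
    seed = recover_seed(ciphertext, window_start, window_end)
    return None if seed is None else flawed_encrypt(ciphertext, seed)


def proper_key(length: int) -> bytes:
    """Done properly: key from the OS CSPRNG, so there is nothing to brute-force."""
    return secrets.token_bytes(length)


if __name__ == "__main__":
    infection_time = 1563235200  # constructed timestamp (mid-July 2019, UTC)
    ct = flawed_encrypt(SAMPLE_FILE, infection_time)
    # A hunter knows roughly when the machine was hit: search one hour either side.
    print(recover_file(ct, infection_time - 3600, infection_time + 3600) == SAMPLE_FILE)
```

The search succeeds only because the seed space is tiny and a known-plaintext check exists; with `proper_key` there is no such window, which is why the review calls correctly written ransomware unrecoverable.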

Many of the team members are “white-hat” hackers (ie, ethical hackers). Their reasons for fighting back include relish of the technical challenge and a strong sense of justice. They cannot always help, but when they can, they make a point of refusing payment for their services—though they sometimes express exasperation at the ingratitude of some of the people they assist.

Many team members are "white-hat" hackers (that is, ethical hackers). They have many reasons for fighting criminal hackers, including the enjoyment of the technical challenge and a strong sense of justice.

Whenever they are able to help, they never charge a penny. But when some of those who have benefited from their help turn out to be ungrateful, they sometimes show their anger.

Having access to those at the sharp end provides the authors with some fascinating anecdotes. Pricked by his conscience, a remorseful hacker contacts a member of the team to offer decryption keys for nothing. Other gang members make contact to undermine rival gangs or pursue vendettas, tipping off the researchers to weaknesses in their competitors’ software.

Stricken by conscience, one hacker contacted a member of the hunting team and, remarkably, offered decryption keys for free.

Other gang members, when they make contact, disparage their rivals or pursue feuds, vying to tip off the police about weaknesses in their competitors' software.

It is still unclear where the ransomware story will end. High-profile raids and rising ransom demands have persuaded governments to take the threat seriously. Shortly after the oil-pipeline attack the gang behind it shut down, citing pressure from American authorities.

Nobody knows when ransomware will die out. But high-profile attacks and ever-rising ransoms have put governments on alert. Shortly after the pipeline attack, the gang behind it stopped "working", claiming it was under pressure from the American authorities.

But other factors are boosting the industry, not hindering it. By paying out to victims, insurance firms inflate ransom demands. Companies have sprung up to smooth the process of paying the ransoms, which are often demanded in cryptocurrency. That helps victims recover files—and reassures the criminals that more victims will pay in future. Even the work of ransomware-hunters puts pressure on the crooks to refine their software, pushing them to eliminate bugs and make it bulletproof. The ransomware business is complicated, ruthless and growing fast. Those looking for a guide should start here.

Yet other factors are pushing the industry towards greater prosperity. Because insurance companies help victims pay, ransoms keep getting higher. Companies have also sprung up to make paying ransoms smoother; many ransom demands require payment in cryptocurrency.

These responses do get victims their files back, but they also mean more victims will pay in future. And even the hunting team's constant pressure pushes people to harden their software, removing bugs and putting up firewalls.

The ransomware industry is a complicated, ruthless and rapidly growing malicious business. Anyone wanting to understand it might as well start with this book.
