Published August 23, 2024. Last updated August 23, 2024, by JE2UFF_Toshi
Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web.
Quoted from: ARRL IT Security Incident – Report to Members
This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15. That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack. The FBI categorized the attack as “unique” as they had not seen this level of sophistication among the many other attacks they have experience with. Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President.
Quoted from: ARRL IT Security Incident – Report to Members
Their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data.
Quoted from: ARRL IT Security Incident – Report to Members
Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.
Quoted from: ARRL IT Security Incident – Report to Members
Although we are not entirely out of the woods yet and are still working to restore minor servers that serve internal needs (such as various email services like bulk mail and some internal reflectors), we are happy with the progress that has been made and for the incredible dedication of staff and consultants who continue to work together to bring this incident to a successful conclusion.
Quoted from: ARRL IT Security Incident – Report to Members
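It appears they are not completely out of the woods yet and are still working to restore small servers that serve internal needs (various email services such as bulk mail, some internal reflectors, and the like).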