Cryptocurrencies and Ransomware: How VDI Can Help Defend Against Ransomware

Karen Gondoly

Cryptocurrencies and Ransomware

The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put organizations around the world on high alert. Even those of us lucky enough not to be infected suddenly had a new awareness of, and respect for, ransomware. But, ransomware isn’t new and, even more worrisome, it’s on the rise.

Why the increase in ransomware attacks, you ask? Are there simply more skilled hackers in the world? Probably, yes, but there’s another factor making ransomware attractive to the evil doers in the world. The rise of ransomware can be linked to the rise of cryptocurrencies.

A Brief History of Cryptocurrencies

A cryptocurrency is a digital or virtual currency that uses cryptography to secure its transactions and control the creation of additional units. The first, and arguably most popular, cryptocurrency is bitcoin. Bitcoin was released as open source software in 2009 by unknown programmers, and has since maintained its place at the top of the cryptocurrency food chain.

Unlike the dollar bill (or whatever physical currency you carry around), a cryptocurrency isn’t issued by a central authority or subject to any government manipulation. Cryptocurrencies live outside the regulations that govern most currencies. Transactions take place between users, without an intermediary, making them completely anonymous.

That’s what makes cryptocurrencies so attractive to ransomware authors. In the past, collecting ransom was a complicated process that required resources to launder the ransomware fees. Now, anyone can easily sign up for a bitcoin wallet and anonymously trade in bitcoins.

With the rise of cryptocurrencies, ransomware became an unfortunately feasible career path for your everyday hacker. Consequently, solid corporate IT security policies became an order of magnitude more important.

The Increased Value of Security

Cryptocurrencies, and how they enable ransomware attacks, dramatically change the security calculus for corporations. Traditional hackers compromised an organization’s data. When a hack did occur, the organization’s customers and their exposed credit card numbers suffered the brunt of the attack. The organization might suffer some ill will and bad press, but business went on.

Ransomware shifts the hacker’s impact from the customer to the corporation, disabling the business and costing the company in lost revenue, in addition to the ransomware fees. Already, 2017 has seen a number of large ransomware payouts, and these are only the fees that are being reported. It’s not hard to imagine that, in some cases and against expert advice, companies are simply paying ransomware fees without reporting them, in order to minimize their losses due to down time.

No matter how many operating system updates IT applies, there will always be a hacker who can find a new way in. IT’s only option is to keep ransomware out of their corporate data center and, in the event it gets in, mitigate its effect. Thankfully, VDI is here to help.

How Can VDI Help?

VDI, or Virtual Desktop Infrastructure, is the concept of moving user’s desktops off of their desks and virtualizing them in a data center or cloud. Organizations turn to VDI for a number of reasons: VDI secures corporate data by moving it off of the user’s end points and into the data center, it provides remote access to users, and it simplifies some IT tasks related to desktop maintenance.

Thankfully, VDI can help protect you against ransomware, as well. You just need to consider how you architect your VDI solution.

Consider a fairly common VDI setup where corporate data is located on a centralized server and users are provided with non-persistent virtual machines. This configuration is ideal for minimizing the effects of malware, but what about ransomware?

If the user browses to a malicious website and their VM becomes infected by ransomware, the ransomware encrypts the user’s profile and, more troubling, it may encrypt data found on a mapped network drive. Now, consider what happens when the user logs out of their virtual machine and that VM is deleted or reimaged. The ransomware is gone, but the user’s data is still encrypted and, with the ransomware removed, it may be impossible to unencrypt. In this VDI scenario, the only recourse is an airtight data backup and recovery scheme.

So, how can you architect VDI to protect your organization against ransomware? You build a VDI environment that gives users access to the internet without compromising your data. The key is isolation.

Ransomware originates from a malicious website, which the user may visit in a browser or access via an email. (If only we could stop users from clicking on links in emails…) Therefore, to mitigate the chance that the user’s VM or physical device is infected, isolate their applications and Web browsers. Or, said another way, move any part of your VDI environment that may expose the user to ransomware up to the cloud.

That cloud isolates, controls, and contains your most common attack vector: your end user. If you provide users with email or Web access via an application or browser that is installed on a desktop in the cloud, any ransomware or other malicious content is contained to that desktop in the cloud. Lock that desktop away from your corporate data, and delete it as soon as the user logs out or encounters a problem and the ransomware never has a chance to hold your data ransom.

With ransomware, it’s not a matter of if, but when your company falls prey. To save both money and your sanity, make sure that attack is contained in an area that doesn’t have access to your core corporate data. VDI and the cloud can help!

By Karen Gondoly

Aruna Headshot

66% Say They’d Switch Vendors in Order to Get an Intelligent Online Meeting Solution

People are getting frustrated with online and video meetings. In fact, according to a recent survey, 85% say they are challenged with these types of ...
Daren

RSA Conference: FUD-free or filled?

IoT 15 Billion Units By 2021 At the annual RSA conference, there were plenty of discussions and presentations on the evolving cybersecurity threat landscape, including ...
Kokumai

History, Current Status and Future Scenarios of Expanded Password System

Future Scenarios of Expanded Password System Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. What ...
Mark Casey Apcela

After the SD-WAN: leveraging data and AI to optimize network operations

AI to Optimize Network Operations Increasing numbers of companies have implemented SD-WAN technology, thanks to benefits like higher performance, lower cost, and greater business agility ...
Trust Report

Profit-Driving Strategies for 2020, Backed by Data

Profit-Driving Strategies Since 2019 is coming to a close, the time has come for businesses to evaluate what they can do to propel profits in ...