Cryptocurrencies and Ransomware
The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put organizations around the world on high alert. Even those of us lucky enough not to be infected suddenly had a new awareness of, and respect for, ransomware. But, ransomware isn’t new and, even more worrisome, it’s on the rise.
Why the increase in ransomware attacks, you ask? Are there simply more skilled hackers in the world? Probably, yes, but there’s another factor making ransomware attractive to the evil doers in the world. The rise of ransomware can be linked to the rise of cryptocurrencies.
A Brief History of Cryptocurrencies
A cryptocurrency is a digital or virtual currency that uses cryptography to secure its transactions and control the creation of additional units. The first, and arguably most popular, cryptocurrency is bitcoin. Bitcoin was released as open source software in 2009 by unknown programmers, and has since maintained its place at the top of the cryptocurrency food chain.
Unlike the dollar bill (or whatever physical currency you carry around), a cryptocurrency isn’t issued by a central authority or subject to any government manipulation. Cryptocurrencies live outside the regulations that govern most currencies. Transactions take place between users, without an intermediary, making them completely anonymous.
That’s what makes cryptocurrencies so attractive to ransomware authors. In the past, collecting ransom was a complicated process that required resources to launder the ransomware fees. Now, anyone can easily sign up for a bitcoin wallet and anonymously trade in bitcoins.
With the rise of cryptocurrencies, ransomware became an unfortunately feasible career path for your everyday hacker. Consequently, solid corporate IT security policies became an order of magnitude more important.
The Increased Value of Security
Cryptocurrencies, and how they enable ransomware attacks, dramatically change the security calculus for corporations. Traditional hackers compromised an organization’s data. When a hack did occur, the organization’s customers and their exposed credit card numbers suffered the brunt of the attack. The organization might suffer some ill will and bad press, but business went on.
Ransomware shifts the hacker’s impact from the customer to the corporation, disabling the business and costing the company in lost revenue, in addition to the ransomware fees. Already, 2017 has seen a number of large ransomware payouts, and these are only the fees that are being reported. It’s not hard to imagine that, in some cases and against expert advice, companies are simply paying ransomware fees without reporting them, in order to minimize their losses due to down time.
No matter how many operating system updates IT applies, there will always be a hacker who can find a new way in. IT’s only option is to keep ransomware out of their corporate data center and, in the event it gets in, mitigate its effect. Thankfully, VDI is here to help.
How Can VDI Help?
VDI, or Virtual Desktop Infrastructure, is the concept of moving user’s desktops off of their desks and virtualizing them in a data center or cloud. Organizations turn to VDI for a number of reasons: VDI secures corporate data by moving it off of the user’s end points and into the data center, it provides remote access to users, and it simplifies some IT tasks related to desktop maintenance.
Thankfully, VDI can help protect you against ransomware, as well. You just need to consider how you architect your VDI solution.
Consider a fairly common VDI setup where corporate data is located on a centralized server and users are provided with non-persistent virtual machines. This configuration is ideal for minimizing the effects of malware, but what about ransomware?
If the user browses to a malicious website and their VM becomes infected by ransomware, the ransomware encrypts the user’s profile and, more troubling, it may encrypt data found on a mapped network drive. Now, consider what happens when the user logs out of their virtual machine and that VM is deleted or reimaged. The ransomware is gone, but the user’s data is still encrypted and, with the ransomware removed, it may be impossible to unencrypt. In this VDI scenario, the only recourse is an airtight data backup and recovery scheme.
So, how can you architect VDI to protect your organization against ransomware? You build a VDI environment that gives users access to the internet without compromising your data. The key is isolation.
Ransomware originates from a malicious website, which the user may visit in a browser or access via an email. (If only we could stop users from clicking on links in emails…) Therefore, to mitigate the chance that the user’s VM or physical device is infected, isolate their applications and Web browsers. Or, said another way, move any part of your VDI environment that may expose the user to ransomware up to the cloud.
That cloud isolates, controls, and contains your most common attack vector: your end user. If you provide users with email or Web access via an application or browser that is installed on a desktop in the cloud, any ransomware or other malicious content is contained to that desktop in the cloud. Lock that desktop away from your corporate data, and delete it as soon as the user logs out or encounters a problem and the ransomware never has a chance to hold your data ransom.
With ransomware, it’s not a matter of if, but when your company falls prey. To save both money and your sanity, make sure that attack is contained in an area that doesn’t have access to your core corporate data. VDI and the cloud can help!
By Karen Gondoly