Infosec thought leaders

Cryptocurrencies and Ransomware: How VDI Can Help Defend Against the Next Ransomware Attack

Cryptocurrencies and Ransomware

The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put organizations around the world on high alert. Even those of us lucky enough not to be infected suddenly had a new awareness of, and respect for, ransomware. But, ransomware isn’t new and, even more worrisome, it’s on the rise.

Why the increase in ransomware attacks, you ask? Are there simply more skilled hackers in the world? Probably, yes, but there’s another factor making ransomware attractive to the evil doers in the world. The rise of ransomware can be linked to the rise of cryptocurrencies.

A Brief History of Cryptocurrencies

data breach

A cryptocurrency is a digital or virtual currency that uses cryptography to secure its transactions and control the creation of additional units. The first, and arguably most popular, cryptocurrency is bitcoin. Bitcoin was released as open source software in 2009 by unknown programmers, and has since maintained its place at the top of the cryptocurrency food chain.

Unlike the dollar bill (or whatever physical currency you carry around), a cryptocurrency isn’t issued by a central authority or subject to any government manipulation. Cryptocurrencies live outside the regulations that govern most currencies. Transactions take place between users, without an intermediary, making them completely anonymous.

That’s what makes cryptocurrencies so attractive to ransomware authors. In the past, collecting ransom was a complicated process that required resources to launder the ransomware fees. Now, anyone can easily sign up for a bitcoin wallet and anonymously trade in bitcoins.

With the rise of cryptocurrencies, ransomware became an unfortunately feasible career path for your everyday hacker. Consequently, solid corporate IT security policies became an order of magnitude more important.

The Increased Value of Security

Cryptocurrencies, and how they enable ransomware attacks, dramatically change the security calculus for corporations. Traditional hackers compromised an organization’s data. When a hack did occur, the organization’s customers and their exposed credit card numbers suffered the brunt of the attack. The organization might suffer some ill will and bad press, but business went on.

Ransomware shifts the hacker’s impact from the customer to the corporation, disabling the business and costing the company in lost revenue, in addition to the ransomware fees. Already, 2017 has seen a number of large ransomware payouts, and these are only the fees that are being reported. It’s not hard to imagine that, in some cases and against expert advice, companies are simply paying ransomware fees without reporting them, in order to minimize their losses due to down time.

No matter how many operating system updates IT applies, there will always be a hacker who can find a new way in. IT’s only option is to keep ransomware out of their corporate data center and, in the event it gets in, mitigate its effect. Thankfully, VDI is here to help.

How Can VDI Help?

VDI, or Virtual Desktop Infrastructure, is the concept of moving user’s desktops off of their desks and virtualizing them in a data center or cloud. Organizations turn to VDI for a number of reasons: VDI secures corporate data by moving it off of the user’s end points and into the data center, it provides remote access to users, and it simplifies some IT tasks related to desktop maintenance.

Thankfully, VDI can help protect you against ransomware, as well. You just need to consider how you architect your VDI solution.

Consider a fairly common VDI setup where corporate data is located on a centralized server and users are provided with non-persistent virtual machines. This configuration is ideal for minimizing the effects of malware, but what about ransomware?

If the user browses to a malicious website and their VM becomes infected by ransomware, the ransomware encrypts the user’s profile and, more troubling, it may encrypt data found on a mapped network drive. Now, consider what happens when the user logs out of their virtual machine and that VM is deleted or reimaged. The ransomware is gone, but the user’s data is still encrypted and, with the ransomware removed, it may be impossible to unencrypt. In this VDI scenario, the only recourse is an airtight data backup and recovery scheme.

So, how can you architect VDI to protect your organization against ransomware? You build a VDI environment that gives users access to the internet without compromising your data. The key is isolation.

Ransomware originates from a malicious website, which the user may visit in a browser or access via an email. (If only we could stop users from clicking on links in emails…) Therefore, to mitigate the chance that the user’s VM or physical device is infected, isolate their applications and Web browsers. Or, said another way, move any part of your VDI environment that may expose the user to ransomware up to the cloud.

That cloud isolates, controls, and contains your most common attack vector: your end user. If you provide users with email or Web access via an application or browser that is installed on a desktop in the cloud, any ransomware or other malicious content is contained to that desktop in the cloud. Lock that desktop away from your corporate data, and delete it as soon as the user logs out or encounters a problem and the ransomware never has a chance to hold your data ransom.

With ransomware, it’s not a matter of if, but when your company falls prey. To save both money and your sanity, make sure that attack is contained in an area that doesn’t have access to your core corporate data. VDI and the cloud can help!

By Karen Gondoly

Karen Gondoly

A 15-year veteran of the technology industry, Karen Gondoly brings leadership experience as well as extensive skills in software development, technical writing, GUI design, and usability to her role as CEO of Leostream Corporation.

An active advocate of innovations in the desktops virtualization space, Gondoly writes widely on the topics of hosting resources in the datacenter and is a member of the “Women of OpenStack” community.

A graduate of Massachusetts Institute of Technology, she holds bachelor and master of science degrees in aeronautical/astronautical engineering.

She is a dedicated fitness enthusiast and avid runner, having completed over 40 marathons spanning 38 states and 3 countries.

View Website


blcokchain contributor

Cryptographic Key Generation – It’s Time To Pay Attention

Cryptographic Key Generation When we think about cryptographic keys, we tend to think about closely guarded secrets. Keys are the only ...
How Artificial Intelligence Is Revolutionizing Business

How Artificial Intelligence Is Revolutionizing Business

Artificial Intelligence Revolution 84% of respondents say AI will enable them to obtain or sustain a competitive advantage. 83% believe ...
Advances in Technology and Consumer Behaviour are Driving Transformation

Advances in Technology and Consumer Behaviour are Driving Transformation

Technology and Consumer Behaviour Advances in technology and consumer behaviour are driving a transformation in the way video content is ...
Cloud Services Providers - Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from ...
Avoiding Obsolescence In The Cloud

Avoiding Obsolescence In The Cloud

The Cloud I was amused to discover this week that Microsoft aren’t supporting Internet Explorer 8 or 9 – with ...
Cloud Comings and Goings

Cloud Comings and Goings

Cloud Power Amazon Web Services – the giant of cloud computing – is on track to do $10 Billion in ...


Dropbox heads for trading debut after upsized IPO pricing

Dropbox heads for trading debut after upsized IPO pricing

(Reuters) - Having topped expectations with the upsized price of its initial public offering, Dropbox Inc on Friday faces its next big challenge: a successful launch of trading when global stock markets are the defensive ...
IDC Report: Smart Cities Initiatives to Reach $28.3 Billion in 2018

IDC Report: Smart Cities Initiatives to Reach $28.3 Billion in 2018

First-ever IDC Smart Cities Spending Guide Expects Technologies Enabling Smart Cities Initiatives to Reach $28.3 Billion in 2018 SINGAPORE, March 23rd, 2018 – Asia/Pacific (excluding Japan) on the technologies that enable Smart Cities initiatives is expected ...
BMW delays electric car mass production until 2020 for cost reasons

BMW delays electric car mass production until 2020 for cost reasons

FRANKFURT (Reuters) - BMW has held back the mass rollout of electric cars until 2020 because current fourth generation electric car technology is not profitable enough for volume production, Chief Executive Harald Krueger said. “We ...
Rackspace Extends Managed Security to Google Cloud Platform

Rackspace Extends Managed Security to Google Cloud Platform

SAN ANTONIO, March 21, 2018 (GLOBE NEWSWIRE) -- Rackspace® announced today that Managed Security and Compliance Assistance for Google Cloud Platform (GCP) is now available for preview to new and existing customers that use Rackspace Managed Services for GCP ...
Google classroom

Helping G Suite customers stay secure with new proactive phishing protections and management controls

Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use ...
Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

By 2021, Regulatory Compliance Will Become the Prime Influencer for IoT Security Uptake Internet of Things (IoT)-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations ...