Just like Halloween costumes that may have shown up on your doorstep this week, the top frights each year for system administrators are a combination of classics and newer threats. For the Halloween 2017 season, one of the scariest things in IT security is ransomware, whose attacks have increased in frequency, in effectiveness, and in the public’s awareness of them.
Ransomware is a type of malware that blocks computer users’ access to their own content and demands payment in return for restoring it. In addition to causing downtime, it can be very costly, and mitigating it represents a major headache for the organization and its IT staff.
One of the scary elements of ransomware is that security experts and public officials urge victims of these attacks not to pay the ransom, on the grounds that it encourages malicious behavior, without any guarantee the hacker will restore the ransomed files.
How scary is malware?
Researchers have tracked the rise of malware in recent years, and McAfee found that it increased by 128 percent from 2015 to 2016. More recently, a survey of UK businesses found that 17 percent had experienced ransomware attacks, making it the third most common attack type. Despite this, the massive WannaCry ransomware attack that affected the British National Health Service and computers around the world in May was the first exposure to ransomware for 57 percent of consumers.
As seen with WannaCry, the threat affects both large and small organizations. Even though the majority of them do not pay up, small businesses paid over $300 million in ransom to hackers from mid-2016 to mid-2017, according to data protection company Datto.
In a post exploring the topic this summer, we noted that ransomware primarily targets client-side computers rather than servers. This remains the case, but ransomware has begun to move towards the back-end, with major attacks against both Windows and Linux servers in 2017.
Despite this, ransomware is not an invincible monster, but rather a malware threat, and as such organizations can take reasonable steps to protect themselves from it.
Where can you hide?
Many of the steps system administrators can take to protect organizations from malware also decrease the chances of website downtime caused by ransomware infecting the server. The main strategies of defense against ransomware on the server side, as on the client side, include reducing vulnerabilities, using monitoring and prevention software, and maintaining backups.
Keeping operating systems and other software up to date and patching them when necessary limits vulnerabilities, as does avoiding suspicious links in webpages or emails. A guide to defending against ransomware for end-users, recently published by PC World, suggests several easy measures, such as turning off Adobe Flash. When the Erebus ransomware variant was discovered infecting Linux servers in June, cybersecurity company Trend Micro composed a list of best practices for securing Linux servers from ransomware. They include implementing a strong patch management policy, minimizing third-party repositories or packages, and applying the principle of least privilege.
Monitoring and prevention software includes the firewall, intrusion detection/prevention, and anti-malware programs that every computer in the organization should utilize. There are specific anti-ransomware tools, but strong anti-malware is likely just as effective, while guarding against a greater range of malicious software.
Backups are the last line of defense for IT systems; at least one copy should be stored offsite. As long as the backup is recent and has not been infected, it is the easiest and least costly method of system restoration.
Even in the event that your system is infected and your data becomes inaccessible without a working backup, fixes are sometimes possible with removal software. Leading security providers add capabilities to their tools to counteract new threats regularly, and Microsoft published its Windows Malicious Software Removal Tool (MSRT) earlier this month as a free download.
Finally, using trustworthy managed services like ours to keep systems secure and up to date helps ensure the risk is minimized without incurring extra cost or staff labor. While ransomware is a growing IT security scare for the 2017 Halloween season, and has no silver bullet, organizations can prepare and protect themselves to substantially limit their risk from it.