Over the last few years, ransomware developers have been almost entirely focused on extorting money out of Windows desktop users. A combination of non-technical users and a less robust permissions system makes them easy pickings. But there’s no doubt that servers are a juicy target for online criminals. Imagine how you would feel if your business’ website was forced offline because its files or database were encrypted. What would you pay to get them back?
As things stand, there’s not much of a risk this will happen. The developers of the most prominent Linux-targeting ransomware — Linux.encoder — have proven singularly incompetent. Every time they release a new version, it’s quickly cracked by security researchers. But enterprise servers are too tempting a target to be safe for long.
Linux presents considerable difficulties for ransomware developers. Its users tend to be security-aware server admins who are unlikely to run a ransomware executable. Most Linux software comes from closely monitored repositories or is compiled from source. And the Linux permissions model makes it hard to run executables with the permissions necessary to access and encrypt files.
Nevertheless, Linux is not perfect — and nor are server administrators. Remote code execution vulnerabilities occasionally come to light and it’s not uncommon for system administrators to make security mistakes. Additionally, the steps that protect a server from ransomware are security best practices that every server administrator should be following anyway.
If an attacker can brute-force your server’s root account over SSH, then it’s game over. They can do anything they want with your data.
When deploying a new server, administrators should take the time to harden their SSH server: don’t allow root logins, make sure all passwords are “unguessable”, and, ideally, use key-based logins instead of passwords.
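One way to check a configuration file against the SSH advice above, as an added example that is not part of the original article. The function names `sshd_value` and `audit_sshd_config` are hypothetical, the sample file is constructed, and the script assumes whitespace-separated keywords, reads only the global section (it stops at the first `Match` line) and does not follow `Include` directives.

```bash
#!/usr/bin/env bash
# Added example: audit the global section of an sshd_config file.
# Print the value sshd would use for keyword $2 in file $1, else default $3.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, "") }                        # drop comment text
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }             # unset: built-in default
    ' "$1"
}

# Report each setting that differs from the hardened value; returns the count.
audit_sshd_config() {
    local file="$1" fails=0 key def want got
    while read -r key def want; do                # keyword, default, wanted
        got=$(sshd_value "$file" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key is '$got', want '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin prohibit-password no
PasswordAuthentication yes no
PubkeyAuthentication yes yes
EOF
    echo "$fails finding(s) in $file"
    return "$fails"
}

# Constructed sample: the later "PermitRootLogin no" never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative check.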
Keep On Top Of Updates
Updates often include patches that fix security vulnerabilities. If you don’t regularly update your server’s operating system and software, it’s likely to become vulnerable to compromise.
FutureHosting clients who opt for our Future Engineer Pro management services don’t need to worry about security updates — we’ll take care of them.
Back Up Your Server
This is the crucial step. Ransomware works because it prevents people from accessing data that is of value to them. If ransomware victims have a comprehensive and up-to-date backup, the ransomware extortionists have no leverage — it becomes a minor annoyance rather than a major catastrophe.
Future Protect, our managed backup service, offers continuous data protection, and we’ll help you restore your data should the worst happen.
It’s not difficult to protect your server from ransomware. Ransomware is only effective against inexperienced users and poorly secured machines. Secure the services that run on your server, regularly apply patches, and — most importantly — keep a comprehensive backup of your data. Don’t give ransomware a chance to gain a foothold on your business’ vital infrastructure.