We have spoken about cryptocurrency a couple of times before, so by now we know it’s just another foreign currency that folks can exchange for ‘real’ money. So if the bad guys can make money by using your servers to solve the difficult maths problems which create cryptocurrency, and they don’t pay for that compute power, you can see why everyone’s server is a potential target. If we understand how crooks make money from your cloud servers, we can protect those resources. So let’s dive in and see how to protect your servers from ransomware.
Why should you care?
We’re talking here about people mining bitcoin on your server. The server you pay for with the money you work hard for. And while some people admire the tenacity of bad actors who create these types of malware, it can be genuinely dangerous.
With modern cloud services, scale is the name of the game, and if your server gets really busy (hopefully due to lots of visitors to your website), a good cloud platform will scale to cope with the demand. With scale comes cost, but if we’re scaling up because we have 1000 people in our web shop at once, we probably don’t mind paying for the extra capacity, because it will lead to more sales.
But when the bad guys use your server and cause your platform to scale, you’re still paying!
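One way to tell the two kinds of scaling apart, as an added example that is not from the original post: compare CPU load against the traffic actually served and flag sustained high CPU that visitors do not explain. The sample figures are constructed, and the function names, thresholds and the assumption that CPU rises roughly in line with requests are illustrative.

```python
from statistics import median

# Constructed sample data: (minute, average CPU %, HTTP requests served).
# Minutes 0-5 are normal trading, 6-8 a genuine sales rush, 9-14 high CPU
# with no matching traffic (the pattern unpaid-for mining would produce).
SAMPLES = [
    (0, 22.0, 410), (1, 25.0, 455), (2, 21.0, 390), (3, 24.0, 440),
    (4, 23.0, 420), (5, 26.0, 470),
    (6, 84.0, 1500), (7, 88.0, 1620), (8, 85.0, 1540),
    (9, 91.0, 430), (10, 95.0, 405), (11, 96.0, 415),
    (12, 94.0, 440), (13, 97.0, 400), (14, 95.0, 425),
]

def requests_per_cpu_baseline(samples, baseline_len):
    """Median requests served per CPU percentage point in a known-good window."""
    return median(req / cpu for _, cpu, req in samples[:baseline_len] if cpu > 0)

def unexplained_load(samples, baseline_len=6, cpu_threshold=80.0,
                     tolerance=0.5, min_run=3):
    """Return (start, end) minute ranges where CPU stayed at or above
    cpu_threshold for at least min_run samples while traffic was below
    `tolerance` times what the baseline says that much CPU should serve."""
    baseline = requests_per_cpu_baseline(samples, baseline_len)
    ranges, run = [], []
    for minute, cpu, req in samples[baseline_len:]:
        expected = baseline * cpu  # assumption: load scales linearly with traffic
        if cpu >= cpu_threshold and req < tolerance * expected:
            run.append(minute)
            continue
        # A sample that traffic explains ends the current suspicious run.
        if len(run) >= min_run:
            ranges.append((run[0], run[-1]))
        run = []
    if len(run) >= min_run:
        ranges.append((run[0], run[-1]))
    return ranges

if __name__ == "__main__":
    for start, end in unexplained_load(SAMPLES):
        print(f"High CPU without matching traffic: minutes {start}-{end}")
```

The genuine rush in minutes 6 to 8 is not flagged because the request count rises with the CPU; only the later stretch, where CPU is high and traffic is flat, is reported.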
One of the easiest ways for bad actors to get into your server in order to run their malicious software is by exploiting a vulnerability in some software your server is already running. What does that mean? Well, if your server is a web server, for example, it will be running a “web service”. That web service will be something like Apache or Nginx (these two account for over 50% of the web services on the web). These software packages are free and open-source, meaning anyone can examine the code which makes up that software.
Being open-source is a mixed blessing, since it allows ultimate transparency, for better or for worse. Imagine you’re an architect, and you get a behind-the-scenes tour of Wembley Stadium. You can see all the hidden systems which make the place so amazing, but you might also get to see some things which would help you cause havoc if you were so minded. Well, the same is true of open-source software, only when someone notices something which might become problematic, they can contribute to the program’s code to fix the problem they found. When everyone updates to that new version, that vulnerability no longer exists. Can you spot the problem yet?
We have spoken about patching before, and there’s a reason we keep banging the drum: it’s super important! When someone has looked through the code running on your web server and found a vulnerability which lets them run other programs on your server, that vulnerability is going to be there until you update.
To make things even more scary, it might not even be your server that is hacked. If your server is on a network with lots of others, which it very likely is, then the vulnerability could stem from any one of them. One of the tricks the bad guys use is to infect one machine, and then from there, look around the network, searching for other servers to infect. This is known as pivoting, and it’s a super easy way for malware to spread.
We can stop the great majority of all these bad things from happening just by having good housekeeping policies in place for our server estate. To protect your servers from ransomware:
- Have an inventory of software running on every server and desktop
- Have an up-to-date network diagram of the interconnects between your various systems and platforms
- Keep up to date with the latest vulnerabilities, patches, and software updates
- Have a well drilled server patching strategy
- Have offsite backups
- Test your offsite backups
- Have a Disaster Recovery plan
Of course there are lots of cloud products which can help you with these aspects of housekeeping, and many more besides. We would be looking towards S3 storage, CloudWatch Dashboards, Logs and Alerts. To talk to us about how we might deploy some of these solutions for your organisation so your business doesn’t fall to the Crypto Miners, get in touch and let’s chat!