Server-side Ransomware : Exploiting Vulnerabilities in Server Middleware

The reason ransomware incidents are so prevalent, and what’s enabled its recent rampage, is that it’s not easily ensnared in firewalls. This is because encryption malware, can end up on the system as part of an email phishing scam. A worker at an organization gets a message in his or her inbox requesting that a seemingly harmless PDF attachment is downloaded. Perhaps the worker is having a hectic day, and doesn’t actually take the time to second guess the source of the attachment. Next thing they know, the files on their computers are being encrypted, and a message from hackers is demanding $1,000 in crypto currency.

It’s an unsettling scenario, and an all too common one. If there was ever a measure of comfort regarding ransomware, it was that an organization might be able to teach workers how to avoid these pitfalls.

However, a more recent strain of ransomware has changed up the rules of the encryption malware game a bit. Instead of intruding via email, it sneaks in through vulnerabilities in server middleware.

The Rise of SamSam : What It Means for Businesses

According to The Register’s Iain Thomson, SamSam goes after a vulnerability in JBoss middleware on servers. As of late April, Cisco Talos estimated that a whopping 3.2 million were running endangered versions of the middleware. Hospitals and schools in particular were singled out among the most prominent targets.

In a nutshell, organizations running vulnerable versions of the JBoss server application are at risk of having a backdoor created, through which a hacker can access individual machines and then infect them with ransomware – no phishing schemes necessary.

Protect Critical Server Configurations

The takeaway from the JBoss incident is that server-side malware is a serious cyberthreat capable of blindsiding even the most vigilant organizations. But that doesn’t mean it cannot be stopped.

Faronics’ Reboot to Restore solution for server machines, Deep Freeze Server provides admins the ability to freeze their ‘operation-critical server configurations’ and the ability to restore that state with a quick restart. Any unauthorized changes in server applications, meant to enable the delivery of ransomware or other threats, can be eliminated with an automated server maintenance schedule. This also makes Deep Freeze Server a valuable defense against zero-day threats.

To learn more about Deep Freeze, contact Faronics today.