Is Your Business Safe? Server Negligence Is Making It Easy For Ransomware Attackers

Three million. That’s the number of servers that are at risk right now around the world.

The reasons why they are at risk are so obvious that it is almost laughable that they are at risk in the first place. But there is nothing funny about compromised systems and data being held for ransom. This is serious business with millions of dollars at stake.

Insecure apps, unimplemented updates and just plain old bad patching practices, have left three million servers vulnerable to the workings of today’s cybercriminals. This is just straight up negligence. Apps can be secured. Updates can be, well, updated. And patching protocols can be put into place. All these are fairly easy tasks. They do not need the intervention of specialists or upper management. They do not need big budgets or protracted deadlines, and is the unfortunate result of laziness and incompetence.

Yes, 3.2 million servers is a lot of servers. It will take time, it will take resources, but according to Cisco Systems’ Talos security service, by continuing such lackadaisical practices these server admins are just inviting trouble. The Talos team has seen evidence that ransomware attackers have already begun exploiting this issue. They note that cybercriminals are using these vulnerabilities to spread ransomware like a plague. The tough part is that unlike a virus in which an infected system will show symptoms right away, ransomware can hide and lurk in systems for weeks, months and even years before they are activated.

Cisco

In an initial scan of 1,600 IP addresses, Talos’ security team discovered 2,100 installed backdoors.

These IPs span the gamut of users from everyday individuals, to schools, banks, large corporations, small businesses and even government entities. However, it seems that Talos’ diligent work has somewhat paid off. Cisco System’s crack security team has identified a library management system called Destiny, which was produced by Follett learning. An in depth analysis of a number of compromised systems show that the overwhelming majority of them have Destiny in common. Destiny is a legitimate library management tool used by many K-12 schools worldwide and its publisher, Follett learning is a legitimate company. Neither the software nor the company are trying to be malicious. However, it seems that Follett neglected to devise and implement a patch on the current Destiny system, and attackers have been using this security gap to gain access to the servers that Destiny has been installed on.

Follett has since jumped all over the issue and have created and implemented a patch. That is all well and good but the damage was already done to the systems and servers that were infected by the ransomware Trojans. And, this brings to roundabout nature of dealing with this entire issue. Actions are often taken only after a breach or attacked has been registered. Software publishers, server admins and service providers can talk all they want about proactive security and persistent monitoring, but until they start to consistently deliver on basic things correct like updates and patches, then it’s just all talk.

To find out more about simple steps you can take to enhance your IT and email security, download our free security checklist here.

Morris - Morris Treger

Great service!

Jane - Blackjack's Mill Ltd

Problem sorted thanks to Mohammad :)

Laurence - Silva Timber Products Ltd

Quick and easy as everything was done for me.

Petra - Chelsea Psychology Clinic

The guy who helped me was very polite and patient. Also helped me resolve my issue quickly.

Sangita - Banana Tree

Excellent service - Thank You!

Tony - Minerva MC

I was contacted within a few minutes of reporting the issue and within 30 minutes all was sorted. I\'m not totally IT literate but Mohammad was patient and explained everything simply.

Fran - FMC Ltd

I had an issue with Spam email that Mohammed dealt with speedily and efficiently.

Paul - Silva Timber Ltd

Quick service, e-mailed and someone phoned me back within 15 minutes.

Andy - Adams Mitchell

Very quick response, cleared issue very quickly.