Ransomware Server Threat Demands a Virtual Patching Response

by Bharat Mistry

We all know that ransomware is one of the biggest threats facing UK organisations today. You only have to take a look at the headlines to see the havoc it’s wreaking all over the country, and the world. But although the broad message seems to be getting through, Trend Micro research has revealed a troubling lack of awareness when it comes to the details.

As we head towards VMworld Europe in a fortnight it’s worth remembering that only a layered approach to protection offers the best chance of success. That’s because corporate servers are increasingly being singled out by the black hats as vulnerable targets.

The truth about ransomware
The latest stats from our poll of over 300 UK IT decision makers shows us the scale of the problem. Over two-thirds of them (69%) believe they’ll be hit by a ransomware attack in the next year – a figure which rises to 75% when counting organisations that have already suffered an infection. But there’s still an element of confusion over exactly what ransomware is. A fifth (20%) of the UK IT decision makers we spoke to said they’re unsure how it actually works, while a further 11% had never heard of it.

The truth is that ransomware can strike at any part of your organisation. That’s why CISOs need to consider installing protection at all layers: web/email gateway; endpoint; network; and server. Specially crafted variants such as CRYPSAM/SAMSAM are designed to target unpatched servers – in the case of this specific ransomware via a vulnerability found in Java-based applications. It’s a canny tactic by the black hats because once a server is compromised, every network connecting to that server can be infected in a single attack, maximising RoI for the attacker.

Virtual patching at VMworld
Server protection is therefore a vital element to mitigating the risk of ransomware infection as well as a range of data stealing and other cyber threats. Patching vulnerabilities is an essential task but is often neglected in favour of more urgent operational tasks, and can be delayed if mission critical systems are affected.

Virtual patching is the answer, allowing the under pressure IT administrator to shield vulnerable systems from threats until a patch becomes available, or until they are ready to deploy one. It provides peace of mind against ransomware, zero days and more. At VMworld in Barcelona later this month Trend Micro will be showing off its virtual patching capabilities as part of its flagship Deep Security server security platform.

Deep Security has been designed specifically to run across physical, virtual and hybrid cloud environments, offering the most comprehensive range of security capabilities around. It’s no coincidence Trend Micro was named the market leader in the server security space for the sixth year in a row in January.

We will be at VMworld this year on stand P507 with live webinars running on Tuesday, 18th October and two panel discussions on Wednesday, 19th October:

– Exploring new frontiers: IT security in an NSX environment
SEC10621-SPO at 12.30pm in Room 39

Continuous security for locally managed and remotely hosted cloud data centers with Trend Micro and VMware
SEC9603 at 11am in Room 23

Please contact us for more information or to arrange a meeting ahead of the event.

Leave a Reply

Your email address will not be published. Required fields are marked *