33HOPS ::: IT Solutions Providers :: Madrid :: +34 91 930 98 66 :: Avda. Castilla la Mancha, 95, local posterior, 28700 S.S. de los Reyes, MADRID :: 33HOPS, Sistemas de Información y Redes, S.L.

Protect ©ESXi VMs from ransomware

Keep your VMs safe from ransomware by keeping a high number of restore points

Ransomware is growing rapidly: it renders an enterprise's data unusable and demands a ransom to decrypt it. Specialized journalists report that, measured by growth in income, it is one of the biggest criminal activities today.

Every day the news report some new large enterprise or government body hit by this plague. Nobody admits to paying the extortion; unofficially, however, leaked reports tell a different story.

Ransomware consists in encrypting the data of an institution, enterprise or individual by means of a malicious binary. It generally gets into your enterprise through the e-mail inbox, disguised as a parcel delivery note, a zipped document from your bank, or an order from a client.

Some years ago ransomware families were poorly designed, and the encryption could sometimes be reversed with forensic tools or by recovering the key. Nowadays they use properly implemented strong cryptography, which makes reverting the encryption without the key infeasible. So you had better make sure you are prepared for the day somebody in your office bites the bait.

Can you imagine what losing all of its data would mean for your enterprise? Are you sure you have a recent backup ready to be restored quickly?

Until very recently ransomware was written to run on Windows, but criminals know very well that a large share of desktops and servers are now virtualized, and they are starting to target virtualization platforms like ©ESXi. Ransomware for ©ESXi that exploits vulnerabilities in the hypervisor OS has already been observed.

This new form of malware will try to encrypt your virtual disks. If you back up to a local datastore, the chances that your backup copies get encrypted too are high, because the malware runs on the very host that can write to that datastore. Our ©VMWare ©ESXi backup software can back up over IP/SSH, which adds an extra layer of protection: the copies end up on a remote host and not on a filesystem the compromised hypervisor has mounted.

There are different ways to reduce the likelihood of a successful ransomware attack on the various platforms; let's review them:

Use a good and recent antivirus software

You should be especially concerned if you are a ©MS Windows desktop user. Cybercriminals play the odds: most viruses and malware are written for Windows desktops.

Linux and Mac OS users are somewhat safer; still, the chance of being hit by a ransomware episode is far from negligible, in this case because of the probably excessive confidence in being safe.

And above all, make sure that your AV software keeps updating itself.

Design your systems to be resilient to infections

Devise systems that make it harder for an infection to propagate through your network shares. Requiring users to enter their password to reach network shares, instead of keeping them permanently mounted with write access, may make you even more unpopular than you are now, but it is for the common good.

Keep your databases (ERP, CRM, accounting, etc.) on isolated servers that share no folder with desktop users. This is not easy in an SME with a reduced budget, but ©ESXi is still free to use as a basic hypervisor, and other mature platforms exist. Take the time to learn and use a virtualization platform for your servers, so that you can isolate them more conveniently. And of course back them up every day and make sure that the copies are kept in a safe place.

Ransomware affecting virtualization platforms

Malware targeting more specialized OSs, like virtualization hypervisors, is still rare, but you can bet it will grow rapidly. Think ahead and devise strategies to keep your data protected, like backing up over IP. Reduce the permissions on the folders holding the private keys your backup software uses (the SSH/SSL keys it authenticates with against remote servers) to the bare minimum, like 0400 on the key files: the backup job can still read them, but a process running as any other user can neither read nor encrypt them. Keep in mind that file modes only restrain processes running under a different user; malware running as root can still overwrite a 0400 file, so treat this as one hardening layer, not as a guarantee.
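As an added example of the permission hardening described above (this is not code from the original post or from XSIBackup), the following POSIX shell script sets 0700 on a key directory and 0400 on every private key inside it, and provides an audit function that a cron job can run to report when something loosens those modes again. The key directory path is an assumption; pass the real one as the argument.

```shell
#!/bin/sh
# Added example, not part of the original post or of XSIBackup: lock down the
# directory holding the private keys a backup job authenticates with, and
# audit it so a scheduled job can alert when the modes drift.
# Usage: harden_key_dir /root/.ssh ; audit_key_dir /root/.ssh  (path assumed)

# is_private_key FILE : true for files that look like a private key; public
# halves and the usual SSH bookkeeping files are skipped.
is_private_key() {
    case "$1" in
        *.pub|*/known_hosts|*/authorized_keys|*/config) return 1 ;;
    esac
    [ -f "$1" ] && head -n1 "$1" | grep -q 'PRIVATE KEY'
}

# harden_key_dir DIR : 0700 on the directory, 0400 on every private key in it
harden_key_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    chmod 0700 "$dir" || return 1
    for f in "$dir"/* "$dir"/.[!.]*; do
        is_private_key "$f" || continue
        chmod 0400 "$f" || return 1
    done
}

# audit_key_dir DIR : print one line per offending entry; return 1 if any
# (the directory must be rwx------ and each private key r--------)
audit_key_dir() {
    dir="$1"
    rc=0
    dmode=$(ls -ld "$dir" | cut -c2-10)
    [ "$dmode" = "rwx------" ] || { echo "dir $dir is $dmode, want rwx------"; rc=1; }
    for f in "$dir"/* "$dir"/.[!.]*; do
        is_private_key "$f" || continue
        mode=$(ls -l "$f" | cut -c2-10)
        [ "$mode" = "r--------" ] || { echo "key $f is $mode, want r--------"; rc=1; }
    done
    return "$rc"
}
```

The audit deliberately compares the exact mode string rather than testing for "no group/other bits": a key that is owner-writable (0600) is still one that a process running as that user can overwrite, which is precisely what the 0400 recommendation is meant to prevent.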

Fetch your keys from a remote SSH server by using another key. It sounds a bit eccentric, but it is easy to implement, and no ransomware author will bother targeting eccentric geeks: remember they depend on the Gaussian distribution to make money.

We will cover this technique in a different post.
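The post defers the details of that technique to a later article. What follows is an added example of one way to implement the idea, not the author's own method or XSIBackup code: a small "bootstrap" key, which is assumed to grant only read access to a key store on a remote host (enforced there with a forced command or a read-only account), pulls the real backup key into a RAM-backed scratch directory; the backup job runs with it, and the key is wiped afterwards, so it never sits on the local datastore for malware to find. The host name, key paths and the `scp` transport are assumptions; the transport is overridable so the flow can be exercised offline.

```shell
#!/bin/sh
# Added example, not the original post's technique or XSIBackup code: keep the
# backup key off the local disk. A bootstrap key that can only read the key
# store on a remote host (assumed to be enforced there) pulls the real backup
# key into a RAM-backed scratch directory; the backup job runs with it; the key
# is wiped afterwards. Host names and paths below are assumptions.

KEYSTORE_HOST="${KEYSTORE_HOST:-keystore.example.internal}"
BOOTSTRAP_KEY="${BOOTSTRAP_KEY:-/root/.ssh/bootstrap_ro}"
REMOTE_KEY_PATH="${REMOTE_KEY_PATH:-/keys/backup_ed25519}"
# Command that copies the key to the path given as its last argument.
# Overridable so the flow can be tested offline (e.g. FETCH_CMD="cp /some/file").
FETCH_CMD="${FETCH_CMD:-scp -q -i $BOOTSTRAP_KEY $KEYSTORE_HOST:$REMOTE_KEY_PATH}"

# make_scratch : print the path of a fresh 0700 directory, on tmpfs when available
make_scratch() {
    base=/dev/shm
    { [ -d "$base" ] && [ -w "$base" ]; } || base="${TMPDIR:-/tmp}"
    d=$(mktemp -d "$base/bkkey.XXXXXX") || return 1
    chmod 0700 "$d" || return 1
    printf '%s\n' "$d"
}

# fetch_key DEST : pull the key, lock it to 0400, reject anything that is not a key
fetch_key() {
    dest="$1"
    $FETCH_CMD "$dest" || return 1
    chmod 0400 "$dest" || return 1
    if ! head -n1 "$dest" | grep -q 'PRIVATE KEY'; then
        rm -f "$dest"
        return 1
    fi
}

# wipe_key FILE : overwrite with zeros, then unlink (on tmpfs the unlink is what
# matters; on flash storage the overwrite is best effort only)
wipe_key() {
    f="$1"
    [ -f "$f" ] || return 0
    chmod u+w "$f"
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null || :
    fi
    rm -f "$f"
}

# run_with_key CMD [ARGS...] : run CMD with KEYFILE pointing at the fetched key,
# wiping the key afterwards (also on SIGINT/SIGTERM). Returns CMD's exit status,
# or 1 if the key could not be fetched (CMD is then never run).
run_with_key() {
    scratch=$(make_scratch) || return 1
    key="$scratch/key"
    trap 'wipe_key "$key"; rmdir "$scratch" 2>/dev/null; exit 130' INT TERM
    rc=1
    if fetch_key "$key"; then
        rc=0
        KEYFILE="$key" "$@" || rc=$?
    fi
    wipe_key "$key"
    rmdir "$scratch" 2>/dev/null
    trap - INT TERM
    return "$rc"
}

# Example invocation (hypothetical backup command; replace with the real job):
# run_with_key sh -c 'ssh -i "$KEYFILE" backup@backuphost.example.internal true'
```

The bootstrap key is still a secret on the local host, so it must be restricted on the key store side to reading that one file; what this buys is that the key which can actually write to the backup target is only ever present in memory, and only for the duration of the job.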

As you can see, there are a number of ways to raise your level of protection against the bad guys. The most fundamental one: don't do the same as everybody else. Users will sooner or later click on some ransomware binary; it's just a matter of time. Rare is the day I don't receive 10 to 20 e-mails with such content. My AV is not able to detect them all, maybe just one third, and I use one of the best.

This page was last modified on 2021-04-22

©33HOPS Sistemas de Información y Redes, S.L. | VAT No: ESB83583716 | Avda. Castilla la Mancha, 95, local posterior, 28701 San Sebastián de los Reyes (Madrid) Spain