February 2, 2017
Christophe Bertrand

The Linux Backup Server Ransomware Myth

I have recently received some feedback from customers and prospects about our webcasts on the topic of ransomware. One interesting set of comments revolved around using a Windows-based backup server vs. a Linux-based system. It seems as though there’s quite a bit of serious misinformation out there because, frankly, it makes no difference: malware criminals love Linux systems too. Web servers continue to be a favorite target, but as you can imagine, the threat is spreading rapidly. Those Linux encoders are getting more sophisticated, and industry experts are warning enterprises to brace for impact.

Paolo Rovelli, from security company Sophos, begins his blog post on Linux security myths with this powerful statement:
“We are well into the 21st century, but it is astonishing how people can still believe that Linux-based operating systems are completely secure. Indeed, “Linux” and “security” are two words that you rarely see together.”

Let me net this out: To protect the backup server, whether it runs on Windows or Linux, make sure you:

  • Follow the strictest protocols in terms of network, storage, access and security
  • Use best practices, such as having offline copies and not using email or pulling up webmail (and checking attachments) on the machine that hosts the backup server (I know some of you have done it)
  • Train your users and your IT folks
  • Get great anti-virus and threat detection technology
  • Finally, stay current with OS security patches (at Arcserve, we let customers download and install security patches from Microsoft as soon as they become available to avoid lag time and potentially missed patches)

Final thought: Don’t fall for vendors that tell you their Linux-based solution is less risky – it’s blatantly untrue (or they’re very misinformed), and no system is invulnerable against ransomware, regardless of the data protection solution. Again, use best practices!

More information on this topic can be found in the articles below, which I found in a quick Google search:

https://blogs.sophos.com/2015/03/26/dont-believe-these-four-myths-about-linux-security/
https://linux-audit.com/linux-and-the-rise-of-ransomware/
http://thehackernews.com/2015/11/linux-ransomware.html