In the course of our work, we see many companies and organizations devastated by ransomware. When researching the causes of these attacks, unfortunately, we see the same mistakes made over and over and over again. One common mistake that comes up frequently is the use of outdated versions of Windows servers.
It’s natural to think that there’s no need to update software that seems to be working fine. After all, why pay more for new software, when the old software is working perfectly well? No one likes to go through the trouble of migrating files to a new server configuration. However, the threat of all forms of hacks, including ransomware attacks, is on the rise. Complacency is no longer an option when it comes to cybersecurity. This is an area where there is no question that an ounce of prevention is worth a pound of cure.
This applies to all forms of software, but vulnerabilities in servers in particular are especially dangerous.
Why Are Server-side Ransomware Attacks so Dangerous?
For most organizations, the server is the heart of their entire IT system. It’s also home to most of an organization’s important files and data. Even if all data is not stored on the server, the server is the avenue which allows hackers to access every nook and cranny of a network. In many cases, servers are the last line of defense before a ransomware virus spreads through an entire network. Most ransomware attacks start by compromising one computer, usually through a phishing attack. Once the attackers enter the system, gaining control over the server is the last step before they totally dominate the entire network. From there, they may be able to access all kinds of sensitive data. This enables them to shut down your entire operation and steal trade secrets or confidential client data.
Another important concern is the possibility of your backups being compromised. Once attackers gain access to a server, they can observe your backup schedule and take steps to encrypt the backups. Once an attacker has gained access to your system, the backup is your last line of defense. If data are encrypted by the attackers, you can still restore your data from a backup, which renders the attack more or less harmless.
Most ransomware attacks only succeed if the hackers are able to encrypt backups. Gaining access to the server is often an important step in this process. As the frequency and severity of ransomware attacks increase, securing your server becomes more important.
Why are there so many vulnerabilities for older Windows servers?
One of the reasons there are so many vulnerabilities for Windows products, including Windows servers, is the popularity of Microsoft products. Since there are so many Windows users around the world, it’s worthwhile for hackers to spend their time and energy looking for weaknesses. This has caused a situation where there is a huge list of vulnerabilities growing all the time.
When it comes to older versions of Windows servers, hackers have had many years to find all kinds of vulnerabilities. All of this trial and error has left them with abundant tools when it comes to breaking into these servers. In fact, some hackers may deliberately look for victims running certain types of software. If a group of hackers finds a trick that works well, they may try to replicate it by searching for others using the same software. In many cases, this software happens to be older versions of Windows servers.
Microsoft also has their hands full trying to manage security threats on their newer software. For example, Microsoft released 862 security patches in 2020. That’s slightly higher than in 2019, which shows that the problem is not really getting better. Since fewer people run older software, it also gets less attention when it comes to security patches and updates.
When software reaches “end of life,” also known as “end of service,” no more patches will be issued at all. Versions of Windows Server that are currently “end of life” include Windows Server 2012 Standard, Windows Server 2012 Datacenter, Windows Server 2008 Small Business Server Standard, Windows Server 2000 Datacenter Server, and Windows Server 2000 Server. Windows Server 2016 Standard, Windows Server 2016 Essentials and Windows Server 2016 Datacenter will reach end of life on January 11th, 2022.
How can I protect against ransomware attacks on my Windows server?
It’s highly advisable to update your software if you are running any of these older versions. The best way to protect yourself is, without a doubt, updating to the most recent software version. Software developers design newer versions of software with built-in fixes for known vulnerabilities. In some cases, these changes are reflected in the most basic architecture of the codebase. Support for newer software is also usually better than for older versions. This means that if there are vulnerabilities, patches will come out more quickly.
Another possibility is to switch to Linux servers. Linux servers are not immune to attacks by any means, but they are regarded as more secure by many cyber security experts. There’s generally less malware designed to run on Linux servers, which is one advantage.
Whichever software you decide to go with, it’s very important to always stay on top of the latest updates. New vulnerabilities appear all the time, so you should regularly check for patches. Hackers are always on the lookout for people who don’t pay attention to these things. For more general tips on securing your server, I recommend this article.
With a few good preventative measures, you should be able to prevent most ransomware attacks. However, if you are targeted by a highly sophisticated gang of hackers, this may still not be enough. If you do get hit by ransomware, you can always contact us for a free consultation. We also help our clients with recovering from ransomware attacks after the ransomware is removed and data is restored.
The recovery phase is designed to help make sure that our clients don’t get hit by ransomware again. In many cases, we make recommendations about software, including updating outdated Windows servers.