![](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/04\/21084046\/linux-vmware-esxi-ransomware-attacks-featured.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Hugh Aver| Date: Fri, 21 Apr 2023 12:52:47 +0000<\/strong><\/p>\n Ransomware. Nasty. But how to build defenses against it? Rather \u2013 what should be protected first and foremost? Often, Windows workstations, Active Directory servers, and other Microsoft products are the prime candidates. And this approach is usually justified. But we should bear in mind that cybercriminal tactics are constantly evolving, and malicious tools are now being developed for Linux servers<\/a> and virtualization systems. In 2022, the total number of attacks on Linux systems increased by about 75%<\/a>.<\/p>\n The motivation behind such attacks is clear: the popularity of open source and virtualization is growing, which means there are more and more servers running Linux or VMWare ESXi. These often store a lot of critical information which, if encrypted, can instantly cripple a company’s operations. And since the security of Windows systems has traditionally been the focus of attention, non-Windows servers are proving to be sitting ducks.<\/p>\n Penetrating Linux servers is usually based on exploitation of vulnerabilities. Attackers can weaponize vulnerabilities in the operating system, web servers and other basic applications, as well as in business applications, databases, and virtualization systems. As demonstrated last year by Log4Shell<\/a>, vulnerabilities in open-source components require special attention. After an initial breach, many ransomware strains use additional tricks or vulnerabilities to elevate privileges and encrypt the system.<\/p>\n To minimize the chances of attacks affecting Linux servers, we recommend:<\/p>\nAttacks in 2022\u20132023<\/h2>\n
\n
Server-attack tactics<\/h2>\n
Priority safeguards for Linux servers<\/h2>\n
\n