Can ransomware infect Virtual Desktop Infrastructure?

Generally, ransomware infects a computer system on a network and then encrypts files and business data so that they cannot be recovered until a ransom is paid to the attackers. But can the same malware infect Virtual Desktop Infrastructure?

Technically speaking, Virtual Desktop Infrastructure, or VDI for short, hosts desktop operating systems on a centralized server in a data center. It is a variation of the client-server computing model, sometimes referred to as server-based computing.

For instance, if you run a KPO (knowledge process outsourcing) business, you need to host a lot of desktops so that your workforce can serve your clients digitally. Instead of installing or updating each and every desktop in the workplace, the administrator can host all the desktop operating systems on a central server and deliver them through the client-server computing model, thanks to VMware.

Now, the big question: can ransomware hit VDI environments?

In general, when a virtual desktop user encounters a malicious web page, an accidental click can get them infected. The malware would likely infect the virtual desktop operating system. However, at the end of each user session, the virtual desktop is rolled back to a pristine state, which wipes out the infection.

Even though the malware infected some users, the anti-malware solution should detect it and remove it during the next scan.

But this might not apply to ransomware, which can prove more damaging in a VDI than in a physical desktop environment.

As you know, ransomware comes in different forms, and some strains are more sophisticated than others. Now imagine a ransomware that encrypts any data found on mapped network drives. It will not only encrypt the data on the hard drives but will also corrupt the virtual desktop operating systems.

Thus, we can conclude that ransomware can do more harm to virtual desktops than to physical desktops.

But does this really happen in practice? If so, consider why and how companies like VMware (which offered VDI for the first time) are still surviving.

As noted above, when each session ends, the virtual desktop is reset to a pristine state, which stops the ransomware infection from corrupting the OS.

But the problem is that the user's data is still encrypted. And in most cases, removing the ransomware also removes any possibility of decrypting the data. At this point, the only option is to restore the data from a backup.

Nevertheless, there is one situation where virtual desktops can help isolate users from ransomware threats. Imagine a person A using a PC as a thin client device, and the PC's local OS becomes infected with ransomware. That infection will not be able to leap to the centralized VDI data store. The organization's data will only be at risk if the thin client's local OS had network drives mapped to the organization's main servers.

So, can VDIs be protected from ransomware? Yes, provided you follow the practices below:

A.) Use a continuous data protection tool that automatically backs up data every day. This ensures business continuity and helps roll files back to their pre-encrypted state.

B.) The admin should grant access permissions only to authorized users. Remember, ransomware cannot encrypt data residing in locations that the infected user is not permitted to access.

C.) There are tools that run a user's web browser as a sandboxed virtual application. This arrangement confines malware infections to the sandbox and keeps them isolated from the user's data.
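The mapped-network-drive scenario above leaves one trace a defender can act on: a single VDI session renaming many files on a share in a short burst. The script below, an added example and not part of the original post or any VMware product, scans constructed file-server audit lines (the log format, share names and user names are assumed) and flags any user/share pair that renames more than a threshold of files by appending a new extension within a sliding time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-server audit lines: timestamp, user, action, share, old name, new name.
# These are made up for the example; the format is an assumption, not a real product's log.
SAMPLE_LOG = [
    f"2024-05-01T09:00:{i:02d}Z alice RENAME \\\\fs01\\projects plan{i}.docx plan{i}.docx.locked"
    for i in range(25)
] + [
    "2024-05-01T09:05:00Z bob RENAME \\\\fs01\\projects draft.txt draft_v2.txt",
    "2024-05-01T09:06:00Z bob RENAME \\\\fs01\\projects notes.md notes.md.bak",
]

def parse_event(line):
    ts, user, action, share, old, new = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
            "action": action, "share": share, "old": old, "new": new}

def looks_like_encryption(ev):
    # A rename that keeps the original name and appends an extension
    # (plan1.docx -> plan1.docx.locked) is the classic mass-encryption footprint.
    return ev["action"] == "RENAME" and ev["new"].startswith(ev["old"] + ".")

def find_bursts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {(user, share): files_renamed} for sessions that exceed threshold inside window."""
    per_key = defaultdict(list)
    for ev in map(parse_event, lines):
        if looks_like_encryption(ev):
            per_key[(ev["user"], ev["share"])].append(ev)
    alerts = {}
    for key, evs in per_key.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            touched = {e["old"] for e in evs[start:end + 1]}
            if len(touched) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(touched))
    return alerts

if __name__ == "__main__":
    for (user, share), count in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {user} renamed {count} files on {share} within 60s; isolate session, restore from backup")
```

Bob's single backup-style rename stays below the threshold, so only alice's session is reported; tune `threshold` and `window` to the share's normal activity before relying on it.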

Have some points to share?

If so, share your thoughts in the comments section below.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security