Are virtual desktops ransomware magnets?

Over the last year, the number of architecture, engineering and design (AED) firms using virtual desktops has grown dramatically. Virtual desktop infrastructure (VDI) allows you to use powerful computers that are accessed over the internet. Your staff can then load CAD and BIM models on these desktops and work remotely. Virtual desktops are a useful solution for AED firms contemplating their hybrid working future. But are these environments safe from malicious ransomware attacks?

Ransomware attacks are frequently in the news, with recent high-profile attacks including the Colonial Pipeline, the NBA and software firm Kaseya. Of particular relevance to AED businesses was this year’s malware attack against Austrian engineering firm Palfinger.

If your designers are working on and storing highly valuable files on a virtual desktop, the thought that criminal gangs could hold your company’s data to ransom is very worrying.

So, are virtual desktops safe for design data, and how can you protect them?

What is a virtual desktop?

A virtual desktop involves the virtualization of an operating system (typically Microsoft Windows). Your employees can connect to the physical server where this desktop is generated over the Internet. Once the virtual desktop is open, it looks and works just like their normal physical desktop and they can interact with it using any device.  

The difference with a virtual desktop is that it can be created, paused or destroyed instantaneously. Rather than having to buy physical computers for your remote staff, you simply create a virtual desktop which they can connect to from any computer.

What about ransomware?

Ransomware, as the name suggests, is a type of malware which hackers use to extort a ransom from victims. Once the ransomware is loaded onto your company’s computer systems, the hacker can freeze files and demand money, usually in the form of cryptocurrency, to return access.

Ransomware works like this:

  • An employee visits a dangerous website, OR clicks on a link in a phishing email, OR the hackers find a weakness in unpatched or out-of-date software.
  • Once they are inside your systems, they are able to move laterally, accessing files and finding out more about your business.
  • The criminal gang behind the ransomware attack freezes certain files and folders and then demands a ransom to have them returned.
  • They may also threaten to release sensitive material that you hold. In the case of AED firms, this might be intellectual property or sensitive information about customer accounts.

Can ransomware affect virtual desktop infrastructure?

Yes, ransomware can affect your virtual desktops in much the same way as it could affect your employees’ physical desktops. Depending on how your virtual desktops are set up, they may offer slightly more protection than a traditional desktop, but they could also potentially be riskier.

Many companies set up their virtual desktop environments so that the operating systems roll back to a ‘pristine’ state at the end of each day. Even if an individual desktop gets breached, the malware will be removed before it can do too much damage. Virtual desktops also have the benefit of being constantly up to date and easy to manage for your IT department. For instance, they can apply security patches to all your virtual desktops in one go.

However, in typical Architecture, Engineering and Design use, the virtual desktop is not rolled back and ‘cleaned’ every single day, so there is a risk that the criminals could still steal key information or go on to corrupt the servers that the virtual desktop runs on. If you suffered a sophisticated attack, you would therefore be highly exposed.

How to tackle the virtual desktop ransomware threat

Virtual desktops face many of the same threats that physical desktops do when it comes to ransomware. The good news is that there are several simple steps you can take to improve your company’s cyber security hygiene and reduce the risk of ransomware attacks:

  • Multi factor authentication: Multi factor authentication requires using two or more pieces of information to verify that someone logging onto your systems is who they say they are. For example, when logging into a virtual CAD or BIM design environment, multi factor authentication would request a password but also send an email to the user’s personal account to verify that it is indeed them logging on.

According to Microsoft, 99% of ransomware attacks could be avoided if companies used multi factor authentication.

  • Endpoint protection and response: This is about your IT teams actively hunting for any malicious activity and blocking it.
  • Encryption: Encryption means that if any of your data is stolen it will be unreadable and therefore unusable.
  • Backing up: By backing up your data, images, configurations and designs, you will be able to restore your content if ever required. You need to store this information offline and separate from your other systems.
  • Update and patch systems: If you frequently use virtual desktops, it is vitally important to watch out for any operating system updates coming down the line and patch any security weaknesses as soon as they are discovered.
  • Create an incident response plan: Your IT department should develop an incident response plan to decide how you would act if you ever became a victim of ransomware.
  • Segment your networks: If you use VDI, segmenting your networks means that ransomware attackers cannot move from one network to another and steal more of your information.

These are just some of the many ways you can protect a virtual desktop infrastructure from ransomware attacks. For more help, the US government has developed a free-to-use Cyber Security Evaluation Tool which identifies your weaknesses so you can act on them.
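
The network segmentation and separate-backup points above can be checked against your own firewall rules. The following is an added example, not part of the original article or any vendor tooling: it takes a constructed list of allowed flows between hypothetical network segments and reports which protected segments a compromised virtual desktop could reach, treating every allowed flow as a possible hop (a worst-case assumption).

```python
from collections import deque

# Constructed sample data: (source segment, destination segment, port).
# Segment names and rules are hypothetical, not taken from the article.
ALLOWED_FLOWS = [
    ("vdi-desktops", "file-servers", 445),
    ("vdi-desktops", "licence-server", 27000),
    ("file-servers", "backup-store", 445),
    ("it-admin", "vdi-hosts", 3389),
    ("it-admin", "backup-store", 22),
]


def reachable_segments(flows, start):
    """Map each segment reachable from `start` to the shortest chain of
    allowed flows leading to it (breadth-first over the rule set)."""
    graph = {}
    for src, dst, port in flows:
        graph.setdefault(src, []).append((dst, port))
    hops = {start: []}
    queue = deque([start])
    while queue:
        seg = queue.popleft()
        for dst, port in graph.get(seg, []):
            if dst not in hops:  # first visit is the shortest chain
                hops[dst] = hops[seg] + [(seg, dst, port)]
                queue.append(dst)
    del hops[start]
    return hops


def segmentation_findings(flows, desktop_segment, protected):
    """Return (segment, chain) for every protected segment that the desktop
    segment can reach, directly or through intermediate segments."""
    hops = reachable_segments(flows, desktop_segment)
    return [(seg, hops[seg]) for seg in sorted(protected) if seg in hops]


if __name__ == "__main__":
    protected = {"backup-store", "vdi-hosts"}
    for seg, chain in segmentation_findings(ALLOWED_FLOWS, "vdi-desktops", protected):
        route = ", ".join(f"{s} -> {d}:{p}" for s, d, p in chain)
        print(f"FINDING: {seg} reachable from vdi-desktops via {route}")
```

In the sample rules no flow goes directly from the desktops to the backup store, yet the store is still reachable through the file servers, which is the kind of indirect path a rule-by-rule review tends to miss.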

Keeping virtual desktop infrastructure secure is vital

Maintaining and protecting virtual desktop infrastructure for CAD and BIM software is of course time consuming and requires significant expertise. And this is why many organisations choose to outsource management of their virtual desktop environments to a third-party provider.

Companies like Designair, that offer virtual desktops for AED firms, invest heavily to ensure that our environments are protected from ransomware. We do this by:

  • Enforcing cyber security hygiene (such as multi factor authentication)
  • Fully segmenting networks
  • Zero-trust Network Access
  • Client streaming over TLS 1.2 with AES 256-bit encryption
  • Ability to block end-user access to e-mail and internet
  • Auto-Lockout and Auto-Shutdown for abandoned sessions
  • End-user device authentication
  • Automatic updating and patching systems
  • Analysing the threat landscape and updating our VDI to be more secure
  • Continually testing our environments for potential threats
  • Backing up data disks and storing them offline

A growing number of architecture, engineering and design firms are using virtual desktops to support their hybrid working strategies. And by following cyber security best practice, virtual desktops can be just as safe as traditional desktops, if not safer.

Try out Designair or contact us to learn more about our ransomware prevention strategies.