Ransomware Targets: Windows vs. Linux


James Panetti
January 27, 2022

Ransomware Targets: Windows vs. Linux

Ransomware is a growing threat for everyone, that much is clear. End it affects every major operating system (OS), but not all of them equally. So, which OS is safer – Windows or Linux? Though Windows is the juicier target given its end-user market dominance, and Linux has long laid claim to superior security, the truth is that the risk isn’t so cleanly calculated.

Desktops vs. Servers

There is no doubt that Windows dominates the desktop—81.91% of desktops run it. That makes it attackers’ No. 1 target, with 95% of ransomware attacking Windows just within the first half of 2021.

Ransomware isn’t solely about end-user computers, however. When it comes to web servers, Linux has long held the crown as the OS of choice for most web-facing servers, including 90% of public cloud platforms.

A breakdown of how ransomware affects the two most popular operating systems

Phishing vs. Exploits

Windows and Linux users are often as different as the OS’s themselves, and attackers account for this. Given its far broader user base, many Windows attacks activate via phishing, tricking the user into clicking a seemingly trustworthy link to open the door.

Most Linux distributions instead cater to technology professionals who are typically more guarded against phishing tricks. Knowing this, most Linux attacks focus on exploiting vulnerabilities instead, such as taking advantage of a specific service vulnerability on a server not up-to-date on patches.

Encrypt vs. Leak

Windows ransomware attacks have long followed the traditional flow of scan, encrypt, and demand: scan for data, encrypt the data, then demand a ransom to decrypt it.

Linux servers face potentially twice the danger. Recent Linux ransomware variants such as a DoppelPaymer employ a “double extortion” tactic in which the demand is backed by not one, but two, threats: Do not pay and not only will the data remain encrypted, but the attacker will leak it to the public.

You can restore lost data from backup, but you can’t put the genie back into the bottle once your data goes public.

Popularity vs. Severity

Windows is by far the more popular target, and Linux ransomware is relatively uncommon to date; nonetheless, this doesn't mean that Linux admins can relax. Of the broader malware attackers aimed at Linux, ransomware is the most prominent, and though all ransomware attacks are extremely severe threats, new trends such as double extortion demonstrate that Linux admins and security pros need to be just as vigilant as their Windows counterparts.

Sign Up For Our Newsletter

Don't worry, we hate spam too!

Other Articles You May Be Interested In:

Get Help Preparing For; Preventing;

Or Recovering From Ransomware Now

Get The Latest On Ransomware 
Right In Your Inbox

Sign Up To Receive Our 
Monthly Ransomware Newsletter

© Future US LLC, Full 7th Floor, 130 West 42nd Street, New York, NY 10036
envelope linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram