Ransomware is a growing threat for everyone, that much is clear. End it affects every major operating system (OS), but not all of them equally. So, which OS is safer – Windows or Linux? Though Windows is the juicier target given its end-user market dominance, and Linux has long laid claim to superior security, the truth is that the risk isn’t so cleanly calculated.
Ransomware isn’t solely about end-user computers, however. When it comes to web servers, Linux has long held the crown as the OS of choice for most web-facing servers, including 90% of public cloud platforms.
Windows and Linux users are often as different as the OS’s themselves, and attackers account for this. Given its far broader user base, many Windows attacks activate via phishing, tricking the user into clicking a seemingly trustworthy link to open the door.
Most Linux distributions instead cater to technology professionals who are typically more guarded against phishing tricks. Knowing this, most Linux attacks focus on exploiting vulnerabilities instead, such as taking advantage of a specific service vulnerability on a server not up-to-date on patches.
Windows ransomware attacks have long followed the traditional flow of scan, encrypt, and demand: scan for data, encrypt the data, then demand a ransom to decrypt it.
Linux servers face potentially twice the danger. Recent Linux ransomware variants such as a DoppelPaymer employ a “double extortion” tactic in which the demand is backed by not one, but two, threats: Do not pay and not only will the data remain encrypted, but the attacker will leak it to the public.
You can restore lost data from backup, but you can’t put the genie back into the bottle once your data goes public.
Windows is by far the more popular target, and Linux ransomware is relatively uncommon to date; nonetheless, this doesn't mean that Linux admins can relax. Of the broader malware attackers aimed at Linux, ransomware is the most prominent, and though all ransomware attacks are extremely severe threats, new trends such as double extortion demonstrate that Linux admins and security pros need to be just as vigilant as their Windows counterparts.