How Does Ransomware Spread and Attack?
You’ve undoubtedly heard of how ransomware attacks give companies grief by hijacking their digital property for ransom. Usually, victims of these attacks see an alarming message on their screen, saying that they will lose their data if they don’t pay the threat actors. But how does ransomware spread and attack? Here are some common ransomware attack vectors:
1. Phishing Emails
Phishing emails trick their recipients into opening attachments that may carry ransomware. Phishing emails are fake yet may carry text or headers that make them appear authentic. For example, they may look like they came from your company’s management.
2. Drive-by Downloads
A drive-by download is a technique where a malicious website infects a visitor with malware like ransomware. Usually, the download occurs without the visitor’s knowledge, and such attacks may exploit web browser vulnerabilities.
3. Malvertising
Also known as malicious advertising, malvertising uses corrupted online ads to spread unwanted programs like ransomware. Threat actors inject malicious code into legitimate advertising networks. When a user clicks the ad, they get ransomware.
4. Remote Desktop Protocol (RDP)
RDP allows network administrators to manage computers over a network connection and diagnose issues remotely. It’s quite a helpful feature by Microsoft. Unfortunately, RDP is also responsible for a significant number of ransomware attacks. The attackers employ a backdoor approach by exploiting vulnerabilities in the RDP software or flaws in its implementation.
5. Operating System Vulnerabilities
Some ransomware strains directly exploit operating system vulnerabilities. For example, the prolific WannaCry ransomware attack took advantage of Server Message Block (SMB) flaws to propagate across computers quickly. SMB, of course, is a file-sharing protocol that helps Windows computers on the same network share printers, files, and serial ports.
6. USB Devices
Many ransomware attacks occur through USB drives that carry malware infections. As soon as someone in the office uses the infected device, the malware hits the organization’s systems. A ransomware gang may send the bait by mail as a fake promotional offer. They may also physically plant the device in an organization, hoping someone uses it out of curiosity.
7. Pirated Software
Pirated software can often function as a Trojan horse for ransomware. While users download the software to save a few bucks, they unintentionally invite a ransomware attack. Users of pirated software are also more likely to get hit by ransomware because they can’t download critical security updates that close vulnerabilities. For example, although Microsoft patched the flaw that WannaCry exploits years ago, the ransomware still infects computers using outdated software today.
8. Compromised Passwords
As was the case with the crippling Colonial Pipeline DarkSide ransomware attack, threat actors can breach network security through compromised login credentials. Once inside the system, they can drop ransomware systematically.
Remember, a ransomware gang usually won’t activate the malware immediately after infecting your system. In fact, many cybercriminals wait weeks after the initial infection so that they can impact as many files and computers as possible. That’s why you need full-time anti-ransomware technology that offers proactive blocking and monitoring features.
In addition, you should regularly back up your data on air-gapped systems. Air-gapped systems don’t connect to any network or the Internet and will keep your files safe from ransomware. Finally, train your employees to use secure passwords, two-factor authentication, and defense techniques against ransomware attack vectors.
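As an added example (not part of the original article), the Python sketch below checks one message for the signs described under Phishing Emails: a sender name that looks like company management but comes from an outside domain, a mismatched Reply-To, and a risky attachment. The organisation domain, manager name, extension list and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions for this example, not from the article: the organisation's mail
# domain, the managers' display names, and the extensions treated as risky.
ORG_DOMAIN = "example.com"
MANAGER_NAMES = {"jane doe"}
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".docm", ".xlsm")
# Constructed sample: a manager's display name on an outside sender address.
SAMPLE = b"""\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: billing@other.test
Subject: Urgent: updated invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

constructed placeholder bytes
--b1--
"""

def phishing_indicators(raw: bytes) -> list[str]:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Display name claims to be management, but the address is not ours.
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    if name.strip().lower() in MANAGER_NAMES and from_domain != ORG_DOMAIN:
        findings.append("manager display name from external domain")
    # Replies would be routed to a different domain than the sender's.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # Attachments whose final extension is executable or macro-enabled.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {fname}")
    return findings

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

Checks like these produce signals for a mail filter or an analyst to weigh; a message that passes all three is not thereby proven safe.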