Hackers spread ransomware by these 4 methods


Hackers who spread ransomware are getting more sophisticated by the day, and no organization seems to be immune to such cyber attacks. In this article, we will discuss the popular methods through which hackers spread ransomware to corporate networks.

We hope it helps companies that are looking for ways to isolate their corporate IT infrastructure from ransomware attacks.

Phishing Emails- This is the most common method used by hackers to spread ransomware. Cyber crooks craft the email so that its content tricks the victim into opening an attachment or website link that contains malicious content. The malicious file can come in many forms, including PDF, ZIP, Word document or JavaScript, and can encrypt all data on the machine and, in some cases, across the network.

Via Remote Desktop Protocol- Remote Desktop Protocol (RDP) was created to help IT admins securely access a user's machine remotely in order to configure it or, in some cases, take control of it. RDP usually runs over port 3389. As the port acts as an open door to a device for legitimate use, bad actors take the opportunity to exploit this access point for illegitimate use.

In 2017, Shodan.io estimated that over 10 million machines had port 3389 open to the public internet, giving hackers an opportunity to show their skills. After identifying a machine with an open port, a hacker can gain access by brute-forcing and then take control of the machine to initiate a ransomware encryption operation. SamSam, LowLevel04, and Crysis ransomware are usually spread with this technique, and the City of Atlanta, the Colorado Department of Transportation, and a hospital connected to the NHS were victims of such cyber attacks in 2018.
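
A defensive illustration of the brute-force pattern described above, added here as an example and not part of the original article: it counts failed logons (Windows Security event 4625) per source address inside a time window and records whether a successful logon (event 4624) from the same address followed. The record layout, sample events, thresholds and function name are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), shaped like fields exported from
# the Windows Security log: time, event ID, logon type, source address, account.
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:01", 4625, 3, "203.0.113.7", "admin"),
    ("2024-01-10T02:00:09", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-10T02:00:17", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-10T02:00:26", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-10T02:00:34", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-10T02:01:10", 4624, 10, "203.0.113.7", "administrator"),
    ("2024-01-10T09:15:00", 4625, 10, "198.51.100.20", "jsmith"),
    ("2024-01-10T09:15:20", 4625, 10, "198.51.100.20", "jsmith"),
    ("2024-01-10T09:15:45", 4624, 10, "198.51.100.20", "jsmith"),
]

FAILED, SUCCESS = 4625, 4624   # failed / successful logon event IDs
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; with NLA, failures often log as 3


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with `threshold` failed logons inside `window` and
    record the account of the first successful logon that follows."""
    recent = defaultdict(deque)  # source address -> timestamps of recent failures
    alerts = {}                  # source address -> alert record
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            q = recent[src]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts, "success_account": None}
        elif event_id == SUCCESS and src in alerts and alerts[src]["success_account"] is None:
            alerts[src]["success_account"] = user  # failures followed by a success
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert whose `success_account` is set is the case to triage first, since the guessing was followed by a working logon from the same address.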

Websites- Sometimes bad actors use compromised websites to distribute ransomware via downloads. This happens because of known vulnerabilities in the software running legitimate websites. Attackers use such flaws either to embed malicious code on a website or to redirect the victim to another site that is under the hackers' control. CryptoWall, Princesslocker, and CryptXXX ransomware were spread in this way.

USB sticks- This happens when insiders in an organization turn into cyber threats. They use USB sticks to spread malware for reasons best known to them, and as a result the entire corporate network suffers for days and sometimes weeks. Spora ransomware, distributed by USB sticks, was one such malware, which infected many systems in Australia in 2016.

Any more attack variants to add?

You can suggest them through the comments section below.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
