We have been reporting on companies that are or have been targeted by ransomware, along with some remedies to isolate a company’s digital infrastructure from infection by the file-encrypting malware.
In this article, let’s discuss some common ways ransomware can infect an organization, irrespective of its size and business field.
Phishing and social engineering led data leaks- As ransomware gangs become more sophisticated, they are using phishing emails to gain trust and trick potential victims into submitting credentials. As these emails mimic genuine files, victims often end up clicking on the malicious links, which then leads to malicious downloads and data encryption.
Malevolent websites- Hackers often trap their victims through compromised websites, which are becoming easy places to insert malicious code. E-commerce websites, web browser plug-ins, and payment gateways are a few examples of compromised websites that lead either to malware downloads or to malware activation through click-and-bait installers.
Malvertising- Hackers often target vulnerable browsers or unpatched operating systems with malvertising attacks. In such attacks, victims are led to ad portals where cyber crooks introduce malicious code that eventually leads to malware downloads. Security analysts say that such attacks are notorious because they do not require victims to download a file or to enable macros.
Infected files and applications- Files and applications downloaded from illegal websites often lead to malware infections. One instance is the recently discovered MBRLocker, which hackers distributed through legitimate websites to deliver infected executables.
Brute force scams via RDP- As ransomware gangs become highly sophisticated, they are targeting endpoints with brute force attacks through the Remote Desktop Protocol (RDP). SamSam ransomware is one such malware, which offers hackers the privilege of using a remote device to launch an attack.
Social media- Links distributed on social media platforms such as Facebook and WhatsApp can often lead to ransomware infections. One such infection vector is Scalable Vector Graphics (SVG), which uses the image file extension to distribute payloads. Although the companies offering networking services are trying their best to filter and isolate such content from their users, some payloads still find their way to user devices one way or another.
Note- Creating awareness among staff of the dos and don’ts on a network, installing threat monitoring solutions, and maintaining regular data backups are some of the cybersecurity measures to take well in advance to prevent such malware from targeting your company network. ‘Prevention is always better than cure’.
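One check a threat monitoring solution can run against the RDP brute force vector described above, as an added example that is not from the original article: it scans Windows logon events for a burst of failed remote logons from one source and records whether a successful logon followed. The comma-separated record layout, the sample lines, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time,event_id,logon_type,source_ip,account
# Event 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with Network Level Authentication enabled,
# failed RDP logons are recorded as type 3.
SAMPLE_LOG = """\
2024-01-10T02:00:01,4625,3,203.0.113.7,administrator
2024-01-10T02:00:09,4625,3,203.0.113.7,administrator
2024-01-10T02:00:17,4625,3,203.0.113.7,admin
2024-01-10T02:00:25,4625,3,203.0.113.7,admin
2024-01-10T02:00:33,4625,3,203.0.113.7,backup
2024-01-10T02:00:41,4625,3,203.0.113.7,backup
2024-01-10T02:01:30,4624,10,203.0.113.7,backup
2024-01-10T09:15:00,4625,10,198.51.100.20,jsmith
2024-01-10T09:15:20,4625,10,198.51.100.20,jsmith
2024-01-10T09:15:40,4624,10,198.51.100.20,jsmith
"""
REMOTE_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures", "accounts", "success_after"}} for every
    source with at least `threshold` failed remote logons inside `window`."""
    recent = defaultdict(deque)    # source_ip -> timestamps of recent failures
    accounts = defaultdict(set)    # source_ip -> account names that were tried
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        if logon_type not in REMOTE_LOGON_TYPES:
            continue               # ignore console, service and batch logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            accounts[src].add(account)
            q = recent[src]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "success_after": False,
                                            "accounts": accounts[src]})
                a["failures"] = max(a["failures"], len(q))
        elif event_id == "4624" and src in alerts:
            # A success after a burst of failures suggests a guessed password.
            alerts[src]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A source that trips the threshold and then logs on successfully deserves immediate review of that account, while a user who mistypes a password twice stays below the threshold.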