Ransomware: Common Attack Methods
Ransomware attacks can be carried out using three methods: silent infected from exploit kits, malicious attachments to email, and malicious links to email.
It is important to be able to recognize the tactics used by ransomware attackers to spread this threat. Multiple ransomware types are available and can be used across many attack vectors. These include the network, SaaS-based apps, and directly at the endpoint. This information will allow you to concentrate your security controls on areas that are most likely to be exploited, and decrease the risk of infection.
Exploit kits are sophisticated toolkits designed to exploit vulnerabilities. Exploit kits are most often executed when victims visit a compromised website. Malicious code is hidden on the site in an advertisement. This redirects you to the exploit kits landing page without your knowledge. If the site is vulnerable, a drive-by download of a malicious malware payload will be executed. The system will then become infected and files will be held hostage for ransom.
Malicious Email Attachments
Malicious email attachments are created by the attacker. The email is likely to be from Human Resources or IT. The victim opens the attachment believing that it has come from a trusted source. The ransomware payload has been unknowingly downloaded and the file is locked for ransom.
Malicious Email Links
Malicious email links, which are URLs embedded in an email body, are similar to malicious attachments. These emails can also be sent from an organization or person you trust. These URLs can be clicked to download malware files from the internet. The system will then become infected and files will be held hostage for ransom.
This evolution and the ease with which these attacks can be executed means that any organization could become the next victim. There are however solutions. Organizations can be kept safe by preventing ransomware attacks. Preventing ransomware attacks from entering your company is the best strategy to stop them.