Four common ways ransomware can infect your organization, including Angler and Nuclear exploit kits and Locky and CryptoWall ransomware
Understanding how ransomware infects a network is crucial to ensuring that your company does not become the next victim of an attack. Post infection, the ransomware spreads to other machines or encrypts the shared files on the network.
In many cases, it can spread across boundaries to infect supply chains, customers, and other affiliated organizations. The best answer to solving the conundrum of ransomware lies in prevention rather more than a cure. So just how does this devastating malware commonly infect devices?
Breaches via phishing and social engineering
The most common method for hackers to infect a company’s computers with ransomware is through phishing emails. As they become increasingly targeted, personalized and specific information is used to create emails designed to acquire trust and mislead potential victims into opening attachments or clicking on links to download malicious PDF and other document files. Files can take the form of standard formats like Microsoft Office files, PDF’s or JavaScript. Clicking on these malicious files or enabling macros will allow the file to execute, starting the process of encrypting data on the victim’s computer.
Infection through compromised websites
Not all ransomware attacks are delivered via email. Compromised websites are common places to insert malicious code. All it takes is for a victim to unknowingly visit the compromised site. The compromised site will then reroute to a page that prompts users to download a newer version of some software, perhaps a web browser, plugin or a media player. If the site has been designed to deliver ransomware, the malware is either activated directly or more commonly can run an installer that downloads and installs the ransomware.
Exploit kits that can deliver custom malware
Angler, Neutrino and Nuclear are some of the exploit kits that have been widely used in ransomware attacks. These frameworks are a type of toolkit with pre-written exploits that target vulnerabilities in browser plugins like Adobe Flash Player and Java. Microsoft’s Internet Explorer and Microsoft’s Silverlight are also common targets. Ransomware strains like Locky and CryptoWall have been known to be delivered through exploit kits on compromised websites and through malvertising campaigns.
Malware infected files and application downloads
Any file or application that can be downloaded can easily be used for ransomware. Cracked software on file-sharing sites are also breeding grounds for malware infections. Recent cases of MBRLocker took this route. Hackers can also exploit legitimate websites to deliver an infected executable. All it takes is the victim downloading the file or application, and then the ransomware is delivered.
