
Top 5 ways ransomware is delivered and deployed

Introduction

If your computer has not yet been affected by ransomware, odds are it could soon be. With ransom payments averaging more than $80,000 in Q4 2019, this type of malicious software is fast becoming cybercriminals’ weapon of choice. Ransomware uses internal systems to encrypt a chain of files and deactivate recovery processes, preventing access to that data. Meanwhile, the hacker sends the victim a ransom demand in exchange for decrypting the files and restoring access.

But just how does ransomware slip unnoticed past security controls? That’s the question we aim to answer.

In this piece, we’ll look at five main strategies cybercriminals use to deliver and deploy ransomware. We’ll also highlight the steps needed to reduce the risk of infiltration. Although the ransomware attack technique seems straightforward, an adversary can engineer it in various and ever-changing ways to bypass security implementations.

So how is ransomware distributed? Below are the top five ransomware attack vectors. 

1. Email phishing

The vast majority of ransomware is delivered via phishing email campaigns, in which adversaries use legitimate-looking emails to trick an individual into clicking a malicious URL or opening an attachment that contains malware. The URL redirects the target to a malicious site that triggers the download of ransomware. In the case of attachments, hackers use common file formats like Word, PDF, Excel and ZIP files to make the email look less suspicious. Once the attachment is opened, the ransomware immediately delivers its payload, encrypting the files and holding them for the hacker.

When it comes to minimizing your risk exposure to phishing, knowledge is key. For example, you should know how to distinguish illicit URLs from genuine links. Manually entering the links in your browser, hovering over URLs and expanding shortened URLs can help prevent you from clicking malicious links. For attachments, check (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/hH6cC_FA6I0/