Ransomware: Common Attack Methods

Eila Shargh


To better prevent ransomware, it is critical to understand the tactics attackers use to deliver this threat. This information will enable you to focus your security controls on the areas most likely to be leveraged and reduce the risk of infection. There are now multiple ransomware variants in use across multiple attack vectors, including the network, SaaS-based applications and the endpoint directly.

The three most common methods for attack are: silent infections from exploit kits, malicious email attachments, and malicious links in emails.

Exploit Kits

Exploit kits are sophisticated toolkits that exploit vulnerabilities. Most often, exploit kits are executed when a victim visits a compromised website. Malicious code hidden on the site, often in an advertisement (malvertisement), redirects the visitor to the exploit kit landing page without any visible sign. If the visitor's system is vulnerable, a drive-by download of a malicious payload is executed, the system becomes infected, and the files are held for ransom.

Malicious Email Attachments

With malicious email attachments, the attacker crafts an email, likely from a believable source such as Human Resources or IT, and attaches a malicious file such as a Portable Executable (PE) file, Word document, or .JS file. The recipient opens the attachment thinking the email has been sent from a trusted source. Once the file is opened, the ransomware payload is unknowingly downloaded, the system is infected, and the files are held for ransom.
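An added example, not from the original post: a mail-gateway style check for the attachment types named above (PE files, Word documents, .JS files) that identifies them by content rather than by the claimed file name. The function names, the extension watch list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")  # assumed watch list, extend as needed
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container signature

def classify_attachment(filename, data):
    """Return the reasons an attachment deserves quarantine or review."""
    reasons = []
    name = (filename or "").lower()
    if data[:2] == b"MZ":  # PE files begin with the DOS header magic
        reasons.append("pe-executable")
        if not name.endswith((".exe", ".dll", ".scr")):
            reasons.append("extension-mismatch")
    if name.endswith(SCRIPT_EXTS):
        reasons.append("script-file")
    if data[:8] == OLE_MAGIC:
        reasons.append("legacy-office-document")
    elif data[:4] == b"PK\x03\x04":  # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.endswith("vbaProject.bin") for n in zf.namelist()):
                    reasons.append("office-macro")
        except zipfile.BadZipFile:
            reasons.append("malformed-archive")
    return reasons

def scan_message(raw):
    """Map each flagged attachment's filename to its list of reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = {p.get_filename(): classify_attachment(p.get_filename(), p.get_payload(decode=True) or b"")
             for p in msg.iter_attachments()}
    return {name: why for name, why in found.items() if why}

def build_sample():  # constructed message; every attachment body is an inert stand-in
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "hr@example.com", "user@example.com", "Updated policy"
    msg.set_content("Please review the attached files.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"\x00")  # marker entry only, no macro code
    for name, data in [("invoice.pdf", b"MZ" + b"\x00" * 62), ("report.js", b"// inert"),
                       ("policy.docm", buf.getvalue()), ("notes.txt", b"hello")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The "invoice.pdf" case shows why the check reads the leading bytes: the name claims a document while the content is a PE file.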

Malicious Email Links

Similar to malicious email attachments, malicious email links are URLs in the body of the email. Likewise, these emails are sent from someone or some organization that you believe to be a trusted source. When clicked, these URLs download malicious files over the web, the system is infected, and the files are held for ransom.

This evolution, and the ease with which these attacks are executed, means any organization can be the next victim and is likely already a current target. However, there are solutions. Prevention is key in keeping organizations safe. The most effective strategy for stopping a ransomware attack relies on preventing the attack from ever entering your organization.
