What is ransomware?
Ransomware is a type of malicious software that prevents access to a device or the data on the device until a ransom is paid. Quite often, the ransomware has a built-in timer with a payment deadline. Crypto ransomware prevents access to files or data and preys on users who do not utilize offline backups. Locker ransomware denies access to a computer or device, heavily utilizes social engineering, and is typically more easily removed than Crypto ransomware.
Where does malicious ransomware come from?
There are many ways ransomware can enter your computer systems. The attack vectors can be divided into two types – human and machine attack vectors.
Human Attack Vector – Phishing uses fake emails to try to trick people into clicking on a link or opening an attachment that carries malicious code. The email might be sent to one person or many within an organization. Sometimes the phishers take the time to research the individual targets and businesses so their email appears legitimate.
Human Attack Vector – SMS-shing uses text messages to get recipients to navigate to a site or enter personal information on their device. Common approaches use authentication messages or messages that appear to be from a financial or other service provider. Some SMS-shing ransomware attempts to propagate itself by sending itself to all contacts in the device’s contacts list.
Human Attack Vector – In a similar manner to email and SMS, vishing uses voicemail to deceive the victim. The voicemail recipient is instructed to call a number that is often spoofed to appear legitimate. If the victim calls the number, he or she is taken through a series of actions to correct some made-up problem. The instructions include having the victim unknowingly install malware on their computer.
Human Attack Vector – Social media can be a powerful vehicle to convince a victim to open a downloaded image from a social media site or take some other compromising action. The carrier might be music, video, or other active content that once opened will infect the user’s system.
Machine Attack Vector – The drive-by vector has this name because all it takes for the victim to become infected is to open a web page with malicious code in an image or active content.
Machine Attack Vector – Cybercriminals learn the vulnerabilities of specific systems and exploit those vulnerabilities to break in and install ransomware on the machine. This most often happens to systems that are not patched with the latest security releases.
Machine Attack Vector – Malvertising is like drive-by, but uses ads to deliver the malware. These ads might be placed on search engines or popular social media sites in order to reach a large audience. A common host for malvertising is adult-oriented websites.
How can we avoid being victims of malicious ransomware?
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection: