The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware demands expected to hit $20 billion this year and $265 billion in ten years.
Top Infection Vectors of a Ransomware Attack
Cybercriminals need a delivery system that drops the ransomware payload on the target machine. Once this malware infiltrates your network, it takes over and can perform several damaging actions such as file encryption, credential hijacking, data exfiltration and even deletion or corruption of your backups. Recognizing and fortifying defenses against such infection vectors is key for a proactive ransomware defense. Cybercriminals continue to evolve their vectors in line to changes in internet and technology however, here are the top four infection vectors:
Phishing is one of the most common entry points of all forms of cybercrime. Hackers will routinely send files using multiple tactics to hide their malicious intent and trick users into opening the email. A commonly used tactic is a masked, malicious URL in the email which, when clicked, downloads malicious software. Many victims fail to verify the authenticity of a suspicious sender, URL or attachment, and this can directly lead to a ransomware infection. Spam or phishing emails are considered a leading entry point of 54% of all ransomware attacks.
Drive-by-download is another attack vector used by cybercriminals. Cybercriminals will run an exploit kit (EK) that tries to exploit existing but unpatched vulnerabilities. When victims visit a compromised website. attackers will leverage the vulnerabilities to deploy their malicious code. Another common method for delivering a drive-by download is the exploitation of content management systems like WordPress to host malicious webpages.
Free Software Vector
Cybercriminals are also known to exploit human psychology. They lure users into downloading free software laden with malicious code. These come in various forms such as “cracked” versions of expensive games or adult content, screensavers or bogus software advertised as a way to cheat in online games or get around a website’s paywall. When victims download these infected programs, they open the front door to attack. Traditional defenses like firewalls and email filters are bypassed. One of the top-selling games of all time, Minecraft, is known to have malicious user-generated “Modpacks” that promise additional gameplay elements to users who download them.
Remote Desktop Protocol (RDP) Vector
Remote desktop protocol (RDP) sessions are a common means of infecting internet-facing networks with ransomware. RDP sessions are used by administrators to remotely login to Windows machines, but may allow an unauthorized remote user to control a device or system. With the rise of remote working, this has become a very high risk. Hackers are becoming increasingly skilled at attacking these exposed computers and using them to lock a network with ransomware. RDP is usually hacked with brute-force password attacks because the victim did not enable account lockout protections. RDP attacks jumped 768% in 2020 owing to the rise in remote working. Some researchers are calling RDP one of the biggest infection vectors causing ransomware attacks.
Best Practices to Mitigate Ransomware Infection Vectors
Your best defense against ransomware is ensuring you have adequate protection against these infection vectors. Back-ups are only a contingent strategy. Here are some useful tips that help mitigate risks from infection vectors:
- Disable remote desktop protocol: RDP access should be disabled for all except whitelisted sources.
- Use email filtering: Most email service providers have built-in anti-phishing filters. Always keep these turned on, but understand they have frequent failures.
- Run security awareness training: Educate users to identify and report suspicious emails. Help them develop good cybersecurity hygiene so they don’t fall prey to traps set by fraudsters.
- Use MFA: Multi-factor authentication can act as a secondary level of defense in case your credentials are leaked or stolen and can protect against some common attacks like credential stuffing, brute force, key logging and man-in-the-middle.
- Patch regularly: Ensure users have the latest versions of software so hackers do not have any added advantage and there is an additional layer of defense.
Recovering from a ransomware attack is expensive and time-consuming to say the least. The first step in avoiding attack is by understanding the infection vectors, knowing your attack surfaces and gauging the risks associated with human error. Once the ways in which defenses can be breached is understood, you can start deploying the protections needed to maintain a and create a resilient security culture.