How does ransomware happen
The key in avoiding ransomware attacks is to understand how they spread. No one seems to be immune from Ransomware attacks. It is already an escalating threat to organizations. With cybercriminals upping their game to avoid detection, it can be difficult for the average user to understand how they got infected in the first place.
There are a lot of avenues for ransomware to occur, but these are the four (4) most common ways that ransomware infects its victims:
1. Phishing Emails
This is the most common method hackers utilize to infect their victims’ machines, they spread ransomware through phishing emails. Usually, the hackers trick the users into clicking the email attachment that contains a malicious file and when they do, the game begins.
A more advanced ransomware attack could not just infect a single PC, but a whole network of it. All it can take is for an employee to open an attachment in the phishing email to infect the entire organization.
2. Remote Desktop Protocol
This is the most popular method hackers use to infect their victims with ransomware. As the name implies, Remote Desktop Protocol (RDP) was created to remotely access a computer by IT administrators to configure it or simply use it.
With this functionality, hackers can simply search for devices that can be accessed remotely and brute-forcing the password using password-cracking tools such as Cain and Abel, to log in as an administrator.
Once the hackers became administrators, they can now have full control over the computer and can now execute infestation over the computer.
3. Drive-By Downloads From a Compromised Website
This is another way hackers utilize to infect unsuspecting users, through what is known as drive-by downloads. When users visit a compromised website, malicious downloads occur without a user’s knowledge.
Hackers usually execute drive-by downloads by taking advantage of legitimate website software’s known vulnerabilities. They can use these vulnerabilities to their advantage to either redirect the victim to another site that they control or embed the malicious code on a website, which hosts a software known as exploit kits.
What these exploit kits do is let hackers have the ability to scan the visiting device for weaknesses and if found, without the knowledge of the user, executes a code in the background without the user clicking anything. When executed without fail, the user will now be faced with a ransom note, informing that their device has been infected and demanding payment for returned files.
4. How does ransomware happen using USB and Removable Media
Lastly, another avenue for hackers to penetrate a network with ransomware is through a USB device. In 2016, Australian police warned its citizens regarding USB drives appearing in their mail boxes. These USB drives masqueraded as a promotional Netflix application. However, when unsuspecting users connect it to their personal computers, ransomware is deployed and infects their computer.
The Spora Ransomware even has an added functionality of replicating itself onto another USB and removable media drives (in hidden file formats), infecting more machines in which the USB device is plugged into.
7 Ways to prevent and limit the Ransomware’s impact
Ransomware can disrupt the whole operation of a private enterprise or a public institution, no one is specifically targeted. To prevent this, here are seven (7) ways follow:
1. Maintain backups – thoughtfully
It is recommended to back up your data as this is the most effective way to recover it from a ransomware infection. One should consider putting your backup files in an appropriately protected and stored offline or out-of-band, so that it is out of reach to hackers. One could also use cloud services as it retains previous versions of your files, accessible for you to roll it back.
2. Develop plans and policies
It is always helpful for you to create a response plan for your IT security to use so that they will know what to do when a ransomware event occurs.
3. Review port settings
A lot of hackers can take advantage of your Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Always consider limiting connections to only trusted hosts and consider whether your organization needs to leave these ports open. Always be mindful to review these settings for both on-premises and cloud environments, and work with your cloud service provider to disable unused RDP ports.
4. Harden your endpoints
Always ensure to configure your systems with security in mind. These secure configuration settings can help provide protection from any threat and close gaps concerning security left over from default configurations.
5. Keep systems up-to-date
Make sure to keep your devices and machines up to date with all the security updates released from time-to-time.
6. Train the team
Train your team on how to respond when ransomware attacks. It is the key to stop ransomware in its tracks.
7. Implement an Intrusion Detection System (IDS)
Implementing an Intrusion Detection System (IDS) helps organizations to look for malicious activity by comparing network traffic logs to signatures that detect known malicious activity. If there are malicious activities found, IDS will quickly inform you of its presence.