Privacy Ninja

How does ransomware happen? Here are 7 ways to prevent it


How does ransomware happen

The key to avoiding ransomware attacks is understanding how they spread. No one seems to be immune from ransomware attacks, and they are already an escalating threat to organizations. With cybercriminals upping their game to avoid detection, it can be difficult for the average user to understand how they got infected in the first place.

There are many avenues for ransomware infection, but these are the four (4) most common ways that ransomware infects its victims:

1. Phishing Emails

This is the most common method hackers use to infect their victims’ machines: spreading ransomware through phishing emails. Usually, the hackers trick users into opening an email attachment that contains a malicious file, and when they do, the game begins.

The attached file can come in a number of formats, including a Zip file, a PDF, a JavaScript file, or a Word document. When the attached document is a Word file, the attacker most commonly tricks the user into “Enabling Macros”, which lets the hacker run a malicious executable file (EXE) from an external web server. The functions necessary to encrypt the data on the victim’s machine are already included in the EXE, and once the data is encrypted, the hacker has gained access to the computer.

A more advanced ransomware attack could infect not just a single PC but a whole network of them. All it takes is for one employee to open an attachment in a phishing email to infect the entire organization.
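As an added example (not code from the original article), this is how a mail filter could flag the attachment types described above before a user ever opens them. The function names and quarantine reasons are assumptions made for illustration, and the sample attachments are constructed in memory.

```python
import io
import zipfile

# Legacy .doc/.xls files use the OLE container, which can carry macros.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
SCRIPT_EXTENSIONS = (".js", ".exe")

def classify_attachment(filename, data):
    """Return the reasons to quarantine an attachment (empty list = none found)."""
    reasons = []
    if filename.lower().endswith(SCRIPT_EXTENSIONS):
        reasons.append("script or executable attachment")
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy OLE document, macros cannot be ruled out")
    # Modern Office files and Zip attachments are both Zip containers, so
    # inspect the member list instead of trusting the file extension.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m.lower() for m in zf.namelist()]
        if any(m.endswith("vbaproject.bin") for m in members):
            reasons.append("Office document contains a VBA macro project")
        if any(m.endswith(SCRIPT_EXTENSIONS) for m in members):
            reasons.append("archive contains a script or executable")
    return reasons

def build_zip(members):
    """Build a constructed Zip container in memory for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in members.items():
            zf.writestr(path, content)
    return buf.getvalue()

# Constructed samples: a clean document, a macro document that hides behind
# a .docx name, and a Zip archive that wraps a JavaScript file.
SAMPLES = {
    "report.docx": build_zip({"word/document.xml": "<doc/>"}),
    "invoice.docx": build_zip({"word/document.xml": "<doc/>",
                               "word/vbaProject.bin": "constructed"}),
    "invoice.zip": build_zip({"invoice.js": "// constructed"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_attachment(name, data) or "no findings")
```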

2. Remote Desktop Protocol

This is the most popular method hackers use to infect their victims with ransomware. As the name implies, Remote Desktop Protocol (RDP) was created so that IT administrators could remotely access a computer to configure it or simply use it.

With this functionality, hackers can simply search for devices that can be accessed remotely and brute-force the password, using password-cracking tools such as Cain and Abel, to log in as an administrator.

Once the hackers become administrators, they have full control over the computer and can infect it.
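The password brute-forcing described above leaves a clear trail of failed logons, so here is an added detection example (not part of the original article) that flags it. It assumes a simplified, constructed CSV export of Windows logon events, where 4625 is a failed logon, 4624 a successful one, and logon type 10 is a remote interactive (RDP) session; the threshold and window are illustrative defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp,event_id,logon_type,source_ip,account
SAMPLE_LOG = """\
2024-01-10T01:10:00,4625,10,192.0.2.10,bob
2024-01-10T01:30:00,4625,10,192.0.2.10,bob
2024-01-10T02:00:01,4625,10,203.0.113.50,administrator
2024-01-10T02:00:05,4625,10,203.0.113.50,administrator
2024-01-10T02:00:09,4625,10,203.0.113.50,administrator
2024-01-10T02:00:12,4625,10,198.51.100.7,alice
2024-01-10T02:00:14,4625,10,203.0.113.50,administrator
2024-01-10T02:00:18,4625,10,203.0.113.50,administrator
2024-01-10T02:00:40,4624,10,198.51.100.7,alice
2024-01-10T02:00:55,4624,10,203.0.113.50,administrator
2024-01-10T02:10:00,4625,10,192.0.2.10,bob
2024-01-10T02:30:00,4625,10,192.0.2.10,bob
2024-01-10T02:50:00,4625,10,192.0.2.10,bob
"""

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alert on sources with >= threshold failed RDP logons inside the window,
    and record the account if a successful logon from that source follows."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = {}                    # source_ip -> alert details
    for line in log_text.strip().splitlines():
        ts_raw, event_id, logon_type, src, account = line.split(",")
        if logon_type != "10":     # only RDP sessions are of interest here
            continue
        ts = datetime.fromisoformat(ts_raw)
        if event_id == "4625":
            recent = failures[src]
            recent.append(ts)
            while ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts,
                               "compromised_account": None}
        elif event_id == "4624" and src in alerts:
            # A success after a burst of failures suggests a guessed password.
            if alerts[src]["compromised_account"] is None:
                alerts[src]["compromised_account"] = account
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

In the sample, the user who mistyped a password once and the source that fails slowly over two hours stay below the threshold; only the rapid burst followed by a successful logon is reported.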


3. Drive-By Downloads From a Compromised Website

Another way hackers infect unsuspecting users is through what are known as drive-by downloads. When users visit a compromised website, malicious downloads occur without the user’s knowledge.

Hackers usually execute drive-by downloads by taking advantage of known vulnerabilities in legitimate websites’ software. They use these vulnerabilities either to redirect the victim to another site that they control or to embed malicious code on a website, which hosts software known as an exploit kit.

These exploit kits let hackers scan the visiting device for weaknesses and, if any are found, execute code in the background without the user clicking anything or knowing about it. When the code executes successfully, the user is faced with a ransom note informing them that their device has been infected and demanding payment for the return of their files.

4. USB and Removable Media

Lastly, another avenue for hackers to penetrate a network with ransomware is through a USB device. In 2016, Australian police warned citizens about USB drives appearing in their mailboxes. These USB drives masqueraded as a promotional Netflix application. However, when unsuspecting users connected them to their personal computers, ransomware was deployed and infected the computer.

The Spora ransomware even has the added functionality of replicating itself onto USB and other removable media drives (in hidden file formats), infecting more machines into which the USB device is plugged.

There are ways to prevent ransomware infestation.

7 ways to prevent ransomware and limit its impact

Ransomware can disrupt the whole operation of a private enterprise or a public institution; no one is specifically targeted. To prevent this, here are seven (7) ways to follow:

1. Maintain backups – thoughtfully

Backing up your data is recommended, as it is the most effective way to recover from a ransomware infection. Consider keeping your backup files appropriately protected and stored offline or out-of-band, so that they are out of reach of hackers. You could also use cloud services that retain previous versions of your files, which lets you roll back to them.

2. Develop plans and policies

It is always helpful to create a response plan so that your IT security team knows what to do when a ransomware event occurs.

3. Review port settings

Many hackers take advantage of Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Consider limiting connections to only trusted hosts, and consider whether your organization needs to leave these ports open at all. Review these settings for both on-premises and cloud environments, and work with your cloud service provider to disable unused RDP ports.
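One way to run the port review described above, as an added example that is not part of the original article: audit exported inbound firewall rules for RDP (3389) or SMB (445) reachable from outside a trusted range. The rule format, rule names and the trusted network are assumptions constructed for illustration.

```python
import ipaddress

RISKY_PORTS = {3389: "RDP", 445: "SMB"}

# Constructed inbound rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "rdp-anywhere", "source": "0.0.0.0/0", "proto": "tcp", "ports": "3389"},
    {"name": "rdp-jump-host", "source": "10.20.0.5/32", "proto": "tcp", "ports": "3389"},
    {"name": "wide-range", "source": "198.51.100.0/24", "proto": "tcp", "ports": "400-500"},
    {"name": "web", "source": "0.0.0.0/0", "proto": "tcp", "ports": "443"},
    {"name": "smb-office", "source": "10.20.0.0/16", "proto": "tcp", "ports": "445"},
]
TRUSTED_CIDRS = ["10.20.0.0/24"]  # assumed admin network

def parse_ports(spec):
    """Turn '3389' or '400-500' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit_rules(rules, trusted_cidrs):
    """Return (rule, service, port, source) for every rule that lets a source
    outside the trusted networks reach RDP or SMB."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in rules:
        if rule["proto"] != "tcp":
            continue
        low, high = parse_ports(rule["ports"])
        # A port range can expose 3389 or 445 without naming either.
        exposed = [p for p in RISKY_PORTS if low <= p <= high]
        if not exposed:
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        # The whole source range must sit inside a trusted network.
        if any(src.version == t.version and src.subnet_of(t) for t in trusted):
            continue
        for port in exposed:
            findings.append((rule["name"], RISKY_PORTS[port], port, str(src)))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, TRUSTED_CIDRS):
        print("REVIEW:", finding)
```

The sample flags the rule open to any address, the range that silently includes port 445, and the internal rule whose source is wider than the trusted network.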

4. Harden your endpoints

Always configure your systems with security in mind. Secure configuration settings can help provide protection from threats and close security gaps left over from default configurations.

5. Keep systems up-to-date

Make sure to keep your devices and machines up to date with all the security updates released from time to time.

6. Train the team

Train your team on how to respond when ransomware attacks. It is the key to stopping ransomware in its tracks.

7. Implement an Intrusion Detection System (IDS)

Implementing an Intrusion Detection System (IDS) helps organizations look for malicious activity by comparing network traffic logs to signatures that detect known malicious activity. If malicious activity is found, the IDS will quickly inform you of its presence.
