How Can Ransomware Spread?
September 18, 2020 | By Comodo
Many years ago, in 1989 to be precise, attendees of a seminar organized by the World Health Organization found their data restricted after using an AIDS guide diskette on their computers. The diskette was loaded with malicious code instead of the information it claimed to hold about AIDS. The creator of the malware, Joseph Popp, who was actually an AIDS researcher, demanded a certain sum from the victims before the restrictions would be lifted. The attack was neutralized as tools became available to crack the code, but the pace for ransomware attacks was set.
Today, ransomware attacks have become rampant, costing victims millions of dollars. Government agencies, businesses, and individuals have all had their share of ransomware attacks, which have continued unabated.
How does ransomware spread? Ransomware does spread, yes! And the methods of attack vary. Phishing has been a widely used method of spreading ransomware. Below, we consider the various phishing methods and other methods of attack used to spread ransomware.
Email attachments are one of the phishing methods used by ransomware criminals to spread ransomware. The attachments are accompanied by con messages pretending to come from your business associate or client. If you’re a target, the criminals go the extra mile to research your clients or business associates, then hack into their email accounts or create a similar email identity. The attachments may come in different formats such as ZIP files, PDFs, Word documents, and Excel spreadsheets. Opening the attachment lets the ransomware into your computer.
- Do not open email attachments from untrusted senders.
- Check carefully to spot emails impersonating your business associate, client, or service provider. It is possible to register a domain name similar to that of your business partner, or of anyone else being impersonated, but with a different extension. Ensure you compare such emails with genuine ones before you take any action.
- Call your business partner, client, or service provider to verify any email from them asking you to open suspicious attachments.
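The domain comparison described in the list above can be automated. The following is an added example, not code from the original article; the trusted domains and sender addresses are constructed, and the extension split is simplified (multi-part suffixes such as `co.uk` are not handled).

```python
from email.utils import parseaddr

# Constructed allow-list of partner domains (assumption for this example).
TRUSTED_DOMAINS = {"acme-supplies.com", "northwind-logistics.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Split at the last dot into (name, extension)."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike: <reason>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    # Exact match or a subdomain of a trusted domain.
    if domain in trusted or any(domain.endswith("." + g) for g in trusted):
        return "trusted"
    name, tld = split_domain(domain)
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        # Same name registered under a different extension.
        if name == good_name and tld != good_tld:
            return f"lookalike: same name as {good}, different extension"
        # One or two characters swapped, added or dropped.
        if edit_distance(domain, good) <= 2:
            return f"lookalike: near-match of {good}"
    return "unknown"


if __name__ == "__main__":
    for sender in ("Billing <billing@acme-supplies.com>",
                   "Billing <billing@acme-supplies.net>",
                   "Billing <billing@acme-supplles.com>"):
        print(sender, "->", classify_sender(sender))
```

The check only looks at the domain in the From header, so it does not catch mail sent from a partner's genuinely compromised mailbox; that case still needs the phone call from the last tip.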
Infected links are another phishing method used by ransomware criminals. Although you may not identify an infected link by merely looking at the URL, the sender and accompanying text can help you suspect such links. The messages are often worded convincingly to trick you into clicking the link. Infected links are spread through social media messages, emails, and other digital means of sending messages with links.
- Be careful of persuasive messages sent via email or social media private messages asking you to click a link. Do not be quick to trust the sender's identity, as any of your friends' accounts may be compromised and used to attack you through their profile.
- Hover over URLs to check what the link contains.
- Use short URL checker tools to expand shortened URLs.
- Enter links manually on your computer to avoid opening phishing links.
Remote Desktop Protocol
Ransomware can also spread via a network. As you may know, the Remote Desktop Protocol is a communication protocol that allows connection between two computers over a network connection, and it is a popular attack vector. Dharma, SamSam, and GandCrab are typical examples of ransomware spread through the Remote Desktop Protocol.
- Use strong passwords and avoid using the same password for multiple accounts
- Ensure you change your remote desktop control port.
- Enable two-factor authentication for remote sessions
- Use a VPN
Managed Service Providers (MSPs) and Remote Monitoring and Management (RMM)
About 22 towns in Texas were attacked by ransomware in August 2019, with the attackers demanding 2.5 million dollars as ransom. This attack, according to available statistics, was spread through MSP tools. MSPs are frequent targets of phishing attacks that exploit their RMM software. An attack on an MSP can affect its whole customer base.
- Enable two-factor authentication on RMM software.
- Ensure you use an MSP company with advanced security systems to combat phishing scams.
Are you happy downloading cracked software onto your computer because you don’t have to pay for it? You may end up paying more money to ransomware criminals if you continue using cracked software. Most cracked software sites are operated by scammers in disguise. They may hide malicious code in the software, which means installing it welcomes the malware in.
Aside from harboring malware, cracked software does not receive updates from the developers, so you miss essential updates. Note that most updates are released to patch security vulnerabilities. With outdated software, you risk being easily attacked by ransomware.
- Do not use cracked software.
- Be wary of some free software.
Ransomware can also spread through website pop-ups, USB drives, network propagation, malvertising, etc. You can avoid ransomware by following the prevention tips highlighted above and by investing in security systems.
Most importantly, make sure to back up your data so you can recover it if worse comes to worst!