Understanding ransomware attacks
Ransomware attacks are on the rise and have become increasingly dangerous in recent years. An attack on a corporate network that encrypts sensitive information can cost a business hundreds of thousands or even millions of dollars. In 2020, the FBI’s Internet Crime Complaint Center received 2,474 ransomware complaints. Mobile Computer Services, a managed IT services company, shares the attack vectors through which ransomware enters and threatens a system.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. As attacks evolve and attack methods grow more sophisticated, understanding ransomware and preventing it from affecting systems is of utmost importance.
How does ransomware gain access to the workplace and computer?
The methods by which ransomware gains access to systems are known as attack vectors. They can be divided into two types: human attack vectors and machine attack vectors.
1. Human Attack Vectors
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This is one of the tactics that cybercriminals use to fool people into giving up information that they otherwise would not divulge.
Common human attack vectors include:
a. Phishing
Phishing is a type of social engineering attack in which a victim is duped into sharing confidential data, including login credentials, banking details, and other personal or business information, with a hacker. It uses fake emails to trick people into clicking on a link or opening an attachment that carries a malware payload. Often, the attackers research the person or organization in question before crafting emails that seem legitimate. The attackers may also send emails to the target in the name of a known person to create credibility; this personalized attack is called spear phishing.
b. SMSishing
The use of text messages to dupe recipients into navigating to a site or entering personal information on their device is called SMSishing. The usual methods include authentication messages or messages that seem to originate from a financial or other service provider. In the worst case, SMSishing ransomware is built to propagate itself by sending the threat to everyone in the affected device’s contacts list.
c. Vishing
When a scammer uses phone calls and voicemail to extract personal information and financial details, such as account numbers and passwords, from a victim, it is called vishing. The usual scam creates a sense of urgency by claiming that the victim’s account has been compromised, claiming to represent the victim’s bank or law enforcement, or offering to help the victim install the software. Cybercriminals can sound professional and employ sound effects and other means to appear legitimate.
d. Social Media phishing
When cybercriminals use social media as the platform to convince a victim to open an image downloaded from a social media site or take some other compromising action, it is called social media phishing. The ransomware carrier could be music, video, or other active content that, once opened, infects the user’s system. The scammer can extract social media account login credentials, credit card information, and personal information about the victim that can be used to launch further scams and attacks.
2. Machine Attack Vectors
Unlike human attack vectors, machine attack vectors are automated and do not require any explicit human cooperation to infiltrate a computer or a network.
a. Drive-by download
In a drive-by download attack, a malicious program is installed on a victim’s device without consent. This may also include unintentional downloads of files or bundled software onto a device. The name drive-by comes from how the attack works: the victim only has to open a webpage with malicious code in an image or active content to unintentionally download the ransomware onto the device.
b. System vulnerabilities
Cybercriminals research their targets to understand the vulnerabilities of specific systems and exploit these weak points to break in and install ransomware on the machine. Systems that have not been patched with the latest security releases often fall prey to these attacks.
c. Malvertising
Malvertising is like a drive-by, except that it uses ads to deliver malware. Popular social media sites or search engines may be used to infiltrate the computer or network. Adults-only sites are a common host for malvertising.
d. Propagation through the network and shared services
Once ransomware enters a system, it can scan for file shares and accessible computers and propagate itself across the network or shared system. Companies with inadequate security might have their company file server and other network shares corrupted as well. File sharing or syncing activities may become the perfect means for ransomware to spread across a vast network and shared services within milliseconds.
Users must be vigilant about the settings they use for systems that sync automatically, and be aware of the source of a file before sharing it.
Why Mobile Computer Services?
Mobile Computer Services is a professional IT services company that works with small and medium-sized businesses in Raleigh NC. The services include:
- Managed IT services: 24x7 proactive monitoring and management of the company's IT infrastructure.
- Network services: Comprehensive care for the network systems provided by certified technicians.
- Business continuity planning: Get the business back on its feet swiftly during and after disasters.
- IT consulting: High-caliber advice from professional consultants to help achieve business goals.
- Security: Safeguard business from malicious hackers and cyber attacks.
- On-demand services: Day or night, the dedicated support staff is always available to assist.
- Office move: Professional office relocation and network cabling services.
- VoIP: Reduce telecom expenses and improve communications with powerful phone systems.
- Email protection: Protect mail systems from spam and malware.