Ransomware 1: How Ransomware Gets In

Ransomware Attack Vectors

Just like an ex breaking your heart before ransomware can lock up your computer, it needs to get inside. While ransomware attacks seem to appear out of nowhere, they really aren’t that exciting, using the same old techniques as traditional malware to infect your network.

Just how do they do it? Phishing emails and compromised networks are the two main culprits that spread ransomware.

Phishing Emails

Everyone has heard of phishing emails to the point where we aren’t even listening anymore. We know, it’s brutal. But they are in the news and we talk about them ad nauseum because the cybercriminals trick you into giving away your bank password (or allowing hackers to watch Netflix on your account!). But they are also a common means of sneaking malware onto your computer.

Phishing emails are designed to be tricky in a number of ways because they want you (the recipient) to do something in order to release their evil payload. But the top two tricks are attachments and malicious links.

Attachments

Email attachments come in all shapes and sizes. Most of us have emailed at least one (or a zillion) MS Office documents, PDFs, or a few family photos to a friend or colleague (or ourselves).

Why do phishers love to use email attachments? Human nature. We are so curious, our instinct is to always open the attachment (especially if it says something juicy like ‘ticket refund’ or "package delivery" or "test results"). Most people “know” not to open and run an executable (or .exe for short), we’re so used to seeing docs and xls and jpg… we often don’t bat an eyelash at opening them. Hackers have discovered a number of ways to abuse features of these types of files to run malicious code, allowing them to download and run ransomware on your computer. It says PDF on the icon… but lurking underneath is malware like gum on a shoe.

Malicious Links

Just like witches in the Wizard of Oz, there are good links and bad links. Good links help us zip around and get to a specific page or location on the web faster (Thanks Glenda!). But hackers make use of links as well and can route you somewhere not so pleasant. Think flying evil monkeys. So they figure, if they can make a fake link look legit, you will think “Glenda” and click, but then it really goes to a malicious phishing fake-out website. And, as we’ll see in a second, malicious websites are a great way to deliver ransomware.

The Cybermaniacs puppet crew with their heads superimposed on characters from "Wizard of Oz"

Compromised websites

The Internet is a wonderful place with a wide variety of different websites, but it does remind us of cloud cuckoo land as well. We’d love it to be all rainbows and unicorns, but the ability to stand up a website and register a domain is easy and cheap, so cybercriminals have used a host of means to create, well, a lot of grey space between good sites and bad sites. Even a legitimate webpage that’s been compromised can give you a nasty ransomware infection just by stopping by to browse for chotchkies.

Phishing Sites

The worst of the lot is full-on phishing websites. These sites are set up by hackers in the hope of compromising innocent bystanders who happen to surf while on the web. They are often cleverly designed and look high-end like a legitimate website. Why set up a phishing site? Well, they can be used for a variety of purposes.

And one of these purposes, unfortunately, is delivering ransomware. Black Hat baddie hackers take advantage of a variety of different means to deliver ransomware from a malicious website, and many don’t require you to do a thing. A website may run a malicious script that drops malware on your machine or exploit a vulnerability in your browser to run some malicious code. Regardless of the method used, ransomware on your machine can cause a very bad day.

Malvertising

And just when you thought, “Stop OK, I get it, I’ve had enough.” There is one more.

Web threats aren’t limited to legitimate websites. Hey, are you sick of ads on websites? Us too! (and they are getting creepier and creepier, we have some theories on this (like, is my smartphone listening to me? Hmmm, might be another blog post, stay tuned… ) Ads can in fact be a threat to the web.

Malvertising is malicious advertising. The same ability to run executable code in your browser that hackers use to infect your machine with malware is used by legitimate advertisements for animations. As a result, hackers who manage to slip malware into advertisements can get them accepted and happily distributed by legitimate advertising networks to legitimate websites.

Stopping Ransomware at the door

Old school photo of the band "Men at Work" with Mo of Cybermaniacs included in picture

Like most malware attacks, ransomware exploits user behavior to get its foot in the door. Knowing what to watch out for in a phishing email or a suspicious website is half the battle when dealing with ransomware.

And now for the shameless plug: creating cyber-secure humans is a critical first step, as email filters and network security can only solve part of the ransomware problem. Build up your human firewall through continual, positive employee learning. Remind your staff with these tips to stay safe on email, safely online, and just please, don’t click on ads. Ever.