In order to better prevent ransomware, it is critical to understand the tactics attackers use to deliver this threat. There are multiple ransomware variants in use across multiple attack vectors, including through the network, SaaS-based applications and directly to the endpoint. This information will enable you to focus your security controls on the areas most likely to be leveraged and reduce the risk of infection.
Exploit kits are sophisticated toolkits that exploit vulnerabilities. Most often, exploit kits are executed when a victim visits a compromised website. Malicious code hidden on the site, often in an advertisement (malvertisement), redirects you to the exploit kit landing page unnoticed. If vulnerable, a drive-by download of a malicious payload will be executed, the system will become infected, and the files will be held for ransom.
With malicious email attachments, the attacker crafts an email, likely from a believable source, such as Human Resources or IT, and attaches a malicious file, such as a portable executable (PE) file, a Word document, or a .JS file. The recipient opens the attachment thinking the email has been sent from a trusted source. Once the file is opened, the ransomware payload is unknowingly downloaded, the system is infected, and the files are held for ransom.
Similar to malicious email attachments, malicious email links are URLs in the body of the email. Likewise, these emails are sent from someone or some organization that you believe to be a trusted source. When clicked, these URLs download malicious files over the web, the system is infected and the files are held for ransom.
This evolution, and the ease at which these attacks are executed, means any organization can be the next victim and is likely already a current target. However, there are solutions. Prevention is key in keeping organizations safe. The most effective strategy for stopping a ransomware attack relies on preventing the attack from ever entering your organization.