What Are The Top Ransomware Infection Pathways?
By PJ Bradley
Ransomware is one of the top threats to organizations today, as the costs extend far beyond the financial hit of potentially paying a ransom. A ransomware attack endangers sensitive data and other assets, compromises entire systems, causes business disruptions and downtime, and damages an organization’s reputation. To fight ransomware, organizations must understand the most common vectors for ransomware attacks and secure those pathways.
Place Roadblocks on These Infection Routes
Phishing and Social Engineering
Ransomware is quite often delivered to the target device via phishing emails or other social engineering attacks. These attacks use deception and manipulation to convince the victims to download malicious attachments that infect their devices. In fact, close to 60% of ransomware attacks are initiated by a successful phishing email.
Phishing attacks use tactics like urgent requests for money or information in order to achieve their ends, including ransomware deployment. Protecting against phishing and other social engineering attacks largely comes down to awareness. Ensuring that employees are trained in identifying and preventing phishing attempts, along with general email hygiene practices, is crucial for avoiding ransomware attacks launched via phishing.
Unsecured or Compromised RDP/VPN Connections
Attackers often take advantage of Remote Desktop Protocol (RDP) and virtual private network (VPN) connections to make lateral and vertical movements within a network they have infiltrated. This enables them to discover sensitive assets and locate files to steal and encrypt. A compromised RDP connection can enable bad actors to execute malicious code or scripts. Securing RDP and VPN connections by using reliable tools, monitoring and managing sessions, and requiring multi-factor authentication is vital.
Watering Holes, Malicious Ad Libraries, Drive-By Attacks
Ransomware distribution can occur via watering hole attacks, where a legitimate site or a spoofed version is compromised to distribute malicious code to a targeted audience. Similarly, attackers can compromise ad libraries to implant ransomware into advertisements on legitimate websites. Organizations can guard against these attacks by using trustworthy web filters and security tools, monitoring network traffic, educating their employees on avoiding suspicious sites, and keeping work and personal resources separate.
Compromised Software Downloads
Ransomware can be delivered when threat actors compromise legitimate software downloads from reputable vendors, as in the 2021 Kaseya supply chain attack. This can occur when they exploit known vulnerabilities that have not yet been patched, endangering supply chains and compromising the many customers who download the software. Following security best practices like applying the principle of least privilege, keeping all software up to date, and monitoring network activity can help to prevent this sort of attack.
Zero-Day and Unpatched Vulnerability Exploits
There are a number of reasons that vulnerabilities may be unpatched: the vulnerability may be new and unknown, patches take a while to develop and test, organizations may be hesitant to undergo the complex patching process, or patches may not be compatible with systems or other programs without additional work. Patching software as quickly and securely as possible when patches are available is the best way to protect against these attacks.
Brute-Forced and Stolen Credentials
Ransomware can be deployed on target devices and networks when attackers obtain unauthorized access to login credentials to infiltrate a network. Whether they brute-force the login by using bots or steal credentials via a phishing link, bad actors gain access to their targets’ accounts, granting them privileges within the network and enabling them to carry out their attacks.
Securing this attack vector means ensuring good credential hygiene, including using password managers for unique and strong passwords, implementing multi-factor authentication anywhere possible, and adopting passwordless options such as passkeys or FIDO security keys.
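As an added example that is not part of the article, the following Python detector turns the monitoring advice from the RDP and credential sections above into something concrete: it reads Windows-style logon records, flags a source IP that accumulates repeated failed RDP logons inside a short sliding window, and notes whether a successful logon followed the burst. The log layout, field names and sample values are constructed assumptions, not real telemetry.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry); the layout is assumed:
# timestamp, Windows EventID (4625 failed / 4624 success), LogonType, source IP, user.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z EventID=4625 LogonType=10 SrcIP=203.0.113.5 User=admin
2024-05-01T10:00:02Z EventID=4625 LogonType=10 SrcIP=203.0.113.5 User=administrator
2024-05-01T10:00:04Z EventID=4625 LogonType=10 SrcIP=203.0.113.5 User=backup
2024-05-01T10:00:05Z EventID=4625 LogonType=10 SrcIP=203.0.113.5 User=svc_sql
2024-05-01T10:00:07Z EventID=4625 LogonType=10 SrcIP=203.0.113.5 User=jsmith
2024-05-01T10:00:09Z EventID=4624 LogonType=10 SrcIP=203.0.113.5 User=jsmith
2024-05-01T10:03:00Z EventID=4625 LogonType=10 SrcIP=198.51.100.7 User=jdoe
2024-05-01T10:15:00Z EventID=4624 LogonType=10 SrcIP=198.51.100.7 User=jdoe
"""

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) LogonType=(\d+) SrcIP=(\S+) User=(\S+)$")

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed RDP logons (LogonType 10) inside
    a sliding window, and mark whether a success followed the burst."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
        eid, logon_type, ip = int(m[2]), int(m[3]), m[4]
        if logon_type != 10:  # only RemoteInteractive (RDP) logons
            continue
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if eid == 4625:
            recent.append(ts)
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(recent), "success_after_burst": False}
        elif eid == 4624 and ip in alerts and recent:
            # a successful logon right after a burst is the strongest signal
            alerts[ip]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_LOG))
```

Where MFA is enforced on RDP, the burst still shows up in the logs, but the "success after burst" flag is what distinguishes noise from a likely account compromise worth an incident ticket.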
Unhooking and Bypassing Endpoint Security Tools
Cybercriminals like ransomware attackers are often aware of the particular tools and methods that organizations implement in order to fight cyber threats, and their attacks can be tailored specifically to evade common security solutions. Malicious code can be written with bypasses that enable attacks to slip past security tools. To prevent this, organizations should invest in security solutions that use advanced technology like artificial intelligence and machine learning (AI/ML) to detect more sophisticated attacks and abnormal behaviors.
Network, System, and Software Misconfigurations
Misconfigurations include improperly configured settings in software, networks, or systems that leave them vulnerable to attacks. The best way to avoid misconfigurations is to invest the time and work into properly configuring all tools and systems or to utilize managed services to ensure that the complex settings are handled by experts who understand their configurations. It is also worth simplifying the tooling ecosystem to avoid the complexities and risks of tool (and vendor) sprawl.
Attack Toolkits and Abuse of Legitimate Network Tools
Attackers also abuse the legitimate channels that organizations use to test and administer their own systems, such as penetration testing tools and built-in network utilities, to compromise the network, move laterally, or carry out other attacks. Because these tools are expected on the network, this allows attackers to evade many detection measures and infiltrate organizations without being discovered. Protecting against this type of attack is difficult, but sophisticated monitoring, intelligence, and defense solutions can enable organizations to stop attackers who use this vector.
Knowledge is Power
Preventing ransomware attacks requires securing many different vectors of attack, and the complexities of protecting every angle can be daunting. The first step to protecting your networks and devices against ransomware is understanding why and how ransomware attacks occur. Armed with the knowledge of the methods and tactics that bad actors use to infiltrate organizations, evade security measures, and launch their attacks, organizations can take steps to secure their devices, systems, and data against attacks.
PJ Bradley is a writer on a wide variety of topics, passionate about learning and helping people above all else. Holding a bachelor’s degree from Oakland University, PJ enjoys using a lifelong desire to understand how things work to write about subjects that inspire interest. Most of PJ’s free time is spent reading and writing. PJ is also a regular writer at Bora.