Prevent Cyber Attacks Through a Lesson in Ransomware Anatomy

You’ve been suffering from flu-like symptoms for over a week now, so you drag yourself out of bed to see your doctor. Once at the appointment, the doctor does a thorough examination before determining the correct course of treatment for your infliction. And you might even walk away with a lesson in hand washing and other preventative measures so you make it through the next cold and flu season unscathed.

This basic premise of treating and preventing what ails you draw similarity to protecting against ransomware attacks. The malicious code comes nestled in a variety of threat vectors that aim to infiltrate potential victims’ computers and other åendpoint devices. Without understanding the anatomy of a ransomware attack, you aren’t able to prevent cyber attacks and treat incidents that will probably make you feel worse than you did with those flu-like symptoms.

Getting to Know Ransomware Vectors to Prevent Cyber Attacks

Vector #1: Malicious Email Attachments and Links

From emails masquerading as job applications with infected attachments, to false shipment notifications around the holidays, malicious actors definitely take creative liberties in ransomware campaigns.

To ensure that the emails bypass spam filters, cybercriminals are careful to write in appropriate languages and send to actual email addresses. Once the email is delivered, it normally contains one of two types of attachments:

  • A file that requires the victim to enable macros to display the file correctly
  • A disguised, executable file that takes advantage of default Windows configuration that does not display the last extension. Users won’t see that the file is actually something like filename.pdf.exe.

Vector #2: Compromised Websites

Not all ransomware attacks have to be perfectly packaged in a creative email. Compromised websites are easy places to insert malicious code. All it takes is for an unsuspecting victim to visit the site, perhaps one they frequent often. The compromised site then reroutes to a page that prompts the user to download a newer version of their web browser, as an example. If clicked, the ransomware is either activated, or it runs an installer that downloads and runs the ransomware.

Vector #3: Malvertising

If a user has an unpatched vulnerability in his or her browser, a malvertising attack can occur. Using common advertisements on websites, cybercriminals can place the malicious code to download the ransomware once displayed using an out of date browser. While this is a less common ransomware vector, it still poses a danger since it doesn’t require the victim to take any action like downloading a file and enabling macros.

Vector #4: Exploit Kits

Angler, Neutrino, and Nuclear kits were dominating the threat landscape, but have since dropped off. These exploit kits are a type of malicious toolkit with pre-written exploits that target various browser plugins that tend to be vulnerable, like Java and Adobe Flash. Commonly known ransomware like Locky and CryptoWall have been delivered through this vector on booby-trapped sites or through malvertising campaigns.

Vector #5: Infected Files and Application Downloads

Much like in the case of emails, any file or application that can be downloaded can also be used for ransomware. While downloadables on illegal file-sharing sites are ripe for compromise, there is also potential for hackers to exploit legitimate websites. All it takes is for the victim to download the file or application and then the ransomware is injected.

Vector #6: Messaging Applications

Through messaging apps like Facebook Messenger, ransomware can be disguised as scalable vector graphics (SVG) to load the file that bypasses traditional extension filters. Since SVG is based on XML, cybercriminals are able to embed any kind of content they please. Once accessed, the infected image file directs victims to a seemingly legitimate site. After loading, the victim is prompted by an install, which if completed, distributes the payload and goes on to the victim’s contacts to continue the impact.

Take Your Multivitamin and Use Next Generation Endpoint Protection

Ransomware is a growing concern for businesses of all types. Just like taking your daily multivitamin, it’s imperative that the correct protections are used every day to prevent a ransomware attack. Now that you’ve learned about the methods that cybercriminals use to spread ransomware, you are ready to start defending your network.

To learn more about hackers holding data hostage and prevention techniques, download our white paper The Rise of Ransomware & How to Defend Against It.