




Ransomware is a type of malicious software that threatens to publish the victim’s data or block access unless a ransom is paid. After infecting the target computer, ransomware will try to spread to connected systems, including shared storage and other accessible computers. Some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse.
In a properly implemented attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware is commonly distributed through emails that encourage the recipient to open a malicious attachment. The malicious attachment is a file that can be sent in a variety of formats like a ZIP file, PDF, Word document, Excel spreadsheet, etc. Once the attachment is opened, the ransomware might start to spread immediately or after a few days or months depending on the attackers, encrypting the victim’s files. Attackers will gather information on the target to create believable emails. The more legitimate the email looks, the more likely the recipient is to open the attachment.
Prevention:
Attackers use social media platforms to distribute ransomware by inserting malicious links into messages. To encourage you to click on the malicious links, the content in the links is usually related to emergencies. Clicking on the link starts the download of ransomware, which encrypts your system and holds your data for ransom.
Prevention:
Remote Desktop Protocol (RDP) is a communication protocol that allows you to connect to another computer over a network connection. RDP receives connection requests through port 3389. Attackers take advantage of this by using port scanners to search the Internet for computers with exposed ports. They then attempt to gain access to the machine by exploiting security vulnerabilities or by using brute-force attacks to crack the machine’s login credentials. Once the attacker has gained access to the machine, they can do more or less anything they wish. Typically this involves disabling your antivirus software and other security solutions, deleting accessible backups, and deploying the ransomware.
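One way to detect the brute-force logon attempts described above, as an added example that is not part of the original article: it counts failed Windows logons (event ID 4625) per source address in a sliding window and marks flagged sources that later log on successfully (event ID 4624). The CSV layout, the sample events, and the names `detect_bruteforce`, `threshold` and `window` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed CSV layout (not a native Windows format):
# time, event ID, logon type, source IP, account.
SAMPLE_EVENTS = """\
2024-05-01T02:10:01,4625,3,203.0.113.7,administrator
2024-05-01T02:10:09,4625,3,203.0.113.7,admin
2024-05-01T02:10:17,4625,3,203.0.113.7,administrator
2024-05-01T02:10:25,4625,3,203.0.113.7,backup
2024-05-01T02:10:33,4625,3,203.0.113.7,svc_sql
2024-05-01T02:10:41,4625,3,203.0.113.7,administrator
2024-05-01T02:11:30,4624,10,203.0.113.7,administrator
2024-05-01T09:00:05,4625,3,198.51.100.20,j.smith
2024-05-01T09:00:20,4625,3,198.51.100.20,j.smith
2024-05-01T09:00:41,4624,10,198.51.100.20,j.smith
"""

# 10 = RemoteInteractive; 3 = network logon, which is how failed RDP logons
# appear when Network Level Authentication is on (it also covers other
# network logons, so treat type 3 hits as candidates, not proof of RDP).
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Yield (time, event_id, logon_type, ip, account) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, account

def detect_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Return alerts for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    accounts = defaultdict(set)   # ip -> account names tried
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            accounts[ip].add(account.lower())
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"peak": 0, "success_after": None})
                alert["peak"] = max(alert["peak"], len(q))
                alert["accounts"] = sorted(accounts[ip])
        elif event_id == "4624" and ip in alerts:
            # Success from an already-flagged source: treat as likely compromise.
            alerts[ip]["success_after"] = alerts[ip]["success_after"] or account
    return alerts
```

A source with `success_after` set is the case to escalate first, since the paragraph above describes what typically follows a successful logon.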
Prevention:

Malvertising (malicious advertising) is becoming a highly popular method of ransomware delivery. It takes advantage of the tools and infrastructure used to post legitimate ads on the web. Typically, attackers purchase ad space, which is linked to an exploit kit. The ad might be an image or an offer for free software. When the user clicks on the ad, the exploit kit scans the user’s system for information about its software, operating system, browser details, and more. If the exploit kit detects a vulnerability, it attempts to install ransomware on the user’s machine.
Prevention:

A drive-by download is any download that occurs without your knowledge. Ransomware distributors make use of drive-by downloads by either hosting the malicious content on their own site or, more commonly, injecting it into legitimate websites by exploiting known vulnerabilities.
When you visit the infected website, the malicious content analyzes your device for specific vulnerabilities and automatically executes the ransomware in the background.
Unlike many other attack vectors, drive-by downloads don’t require any input from the user. You don’t have to click on anything, you don’t have to install anything and you don’t have to open a malicious attachment – visiting an infected website is all it takes to become infected.
Prevention: