Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
Ad icon
🎮 INDIAN PSN GIFT CARDS AVAILABLE NOW! 🎮
madukaperera
Updated:
Yesterday at 12:57 PM
🚀 Google AI PRO – 18 Months | Rs. 850 Only
lkkolla
Updated:
Monday at 4:56 PM
🔒 NordVPN Premium – 3 Months
hrdilshan
Updated:
Thursday at 8:29 PM
🚀 Microsoft Office 365 Pro Plus – Lifetime Access! 🚀
hrdilshan
Updated:
Thursday at 8:28 PM
Linkedin Premium Business / Careere /Sales Navigator - 1/2/3/6/9/12 Months - Reddem Link
hrdilshan
Updated:
Thursday at 8:27 PM
Electronics
Vehicles
Property
Search
Reply to thread
Forums
Computers & Internet
Tips & Tricks
How ransomware spreads: 9 most common infection methods and how to stop them
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="Sam Walton" data-source="post: 25024749" data-attributes="member: 566130"><p><strong><span style="font-size: 22px">How ransomware spreads: 9 most common infection methods and how to stop them</span></strong></p><p><strong><span style="font-size: 22px"></span></strong></p><p><span style="font-size: 18px">Cybercriminals are looking for creative new ways to hold your data hostage.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><strong>Other Useful Threads:</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><a href="http://www.elakiri.com/forum/showthread.php?p=24602081#post24602081" target="_blank">http://www.elakiri.com/forum/showthread.php?p=24602081#post24602081</a></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><a href="http://www.elakiri.com/forum/showthread.php?p=24622231#post24622231" target="_blank">http://www.elakiri.com/forum/showthread.php?p=24622231#post24622231</a></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><strong>1. Email attachments</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Ransomware is commonly distributed via emails that encourage the recipient to open a malicious attachment. The file can be delivered in a variety of formats, including a ZIP file, PDF, Word document, Excel spreadsheet and more. Once the attachment is opened, the ransomware may be deployed immediately; in other situations, attackers may wait days, weeks or even months after infection to encrypt the victim’s files, as was the case in the Emotet/Trickbot attacks.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Only open attachments from trusted senders.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Check that the sender’s email address is correct. Remember that domain names and display names can easily be spoofed.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Do not open attachments that require you to enable macros. If you believe the attachment is legitimate, seek guidance from your IT Department.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Read this guide for more information on how to avoid phishing emails.</span></li> </ul><p></p><p><span style="font-size: 18px"><strong>2. Malicious URLs</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Attackers also use emails and social media platforms to distribute ransomware by inserting malicious links into messages. During Q3 2019, almost 1 in 4 ransomware attacks used email phishing as an attack vector, according to figures from Coveware.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">To encourage you to click on the malicious links, the messages are usually worded in a way that evokes a sense of urgency or intrigue. Clicking on the link triggers the download of ransomware, which encrypts your system and holds your data for ransom.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Be wary of all links embedded in emails and direct messages.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Double-check URLs by hovering over the link before clicking.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Use CheckShortURL to expand shortened URLs.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Manually enter links into your browser to avoid clicking on phishing links.</span></li> </ul><p></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><strong>3. Malvertising</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Malvertising (malicious advertising) is becoming an increasingly popular method of ransomware delivery.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Malvertising takes advantage of the same tools and infrastructures used to display legitimate ads on the web. Typically, attackers purchase ad space, which is linked to an exploit kit. The ad might be a provocative image, a message notification or an offer for free software.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">When you click on the ad, the exploit kit scans your system for information about its software, operating system, browser details and more. If the exploit kit detects a vulnerability, it attempts to install ransomware on the user’s machine. Many major ransomware attacks spread through malvertising, including CryptoWall and Sodinokibi.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Keep your operating system, applications and web browsers up to date.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Disable plugins you don’t regularly use.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Use an ad blocker. The Emsisoft lab team recommends uBlock Origin.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Enable click-to-play plugins on your web browser, which prevents plugins such as Flash and Java from running automatically. A lot of malvertising relies on exploiting these plugins.</span></li> </ul><p></p><p><span style="font-size: 18px"><strong>4. Drive-by downloads</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">A drive-by download is any download that occurs without your knowledge. Ransomware distributors make use of drive-by downloads by either hosting the malicious content on their own site or, more commonly, injecting it into legitimate websites by exploiting known vulnerabilities.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">When you visit the infected website, the malicious content analyzes your device for specific vulnerabilities and automatically executes the ransomware in the background.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Unlike many other attack vectors, drive-by downloads don’t require any input from the user. You don’t have to click on anything, you don’t have to install anything and you don’t have to open a malicious attachment – visiting an infected website is all it takes to become infected.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Always install the latest software security patches.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Remove unnecessary browser plugins.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Install an ad-blocker such as uBlock Origin.</span></li> </ul><p></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><strong><span style="font-size: 22px">5. Pirated software</span></strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Ransomware is known to spread through pirated software. Some cracked software also comes bundled with adware, which may be hiding ransomware, as was the case in the recent STOP Djvu campaign (free decryptor available here). In addition, websites that host pirated software may be more susceptible to malvertising or drive-by downloads.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">The use of pirated software may also indirectly increase the risk of ransomware infection. Typically, unlicensed software doesn’t receive official updates from the developer, which means users may miss out on critical security patches that can be exploited by attackers.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Avoid using pirated software.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Don’t visit websites that h<strong><u>ost pirated software, cracks, activators or key generators.</u></strong></span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Be careful of software deals that are too good to be true.</span></li> </ul><p><strong></strong></span></p><p><span style="font-size: 18px"><strong>6. USB drives and portable computers</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">USB drives and portable computers are a common delivery vehicle for ransomware. Connecting an infected device can lead to ransomware encrypting the local machine and potentially spreading across the network.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Typically this is inadvertent – a member of staff unwittingly plugs in an infected USB drive, which encrypts their endpoint – but it can also be deliberate. For example, a few years ago, residents of Pakenham, a suburb in Melbourne, discovered unmarked USB drives in their mailboxes. The drives contained ransomware masquerading as a promotional offer from Netflix.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><p><span style="font-size: 18px"> <ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Never plug in unknown devices to your computer.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Don’t plug in your devices to shared public systems such as photo-printing kiosks and computers at Internet cafes.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Businesses should implement and maintain robust BYOD security policies.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Use reputable antivirus software that can scan and protect removable drives.</span></li> </ul><p></p><p><span style="font-size: 18px"><strong>7. Remote desktop protocol</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">RDP, a communications protocol that allows you to connect to another computer over a network connection, is another popular attack vector. Some examples of ransomware that spread via RDP include SamSam, Dharma and GandCrab, among many others.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">By default, RDP receives connection requests through port 3389. Cybercriminals take advantage of this by using port-scanners to scour the Internet for computers with exposed ports. They then attempt to gain access to the machine by exploiting security vulnerabilities or using brute force attacks to crack the machine’s login credentials.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Once the attacker has gained access to the machine, they can do more or less anything they wish. Typically this involves disabling your antivirus software and other security solutions, deleting accessible backups and deploying the ransomware. They may also leave a backdoor they can use in the future.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Use strong passwords.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Change the RDP port from the default port 3389.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Only enable RDP if necessary.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Use a VPN.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Enable 2FA for remote sessions.</span></li> </ul><p></p><p><span style="font-size: 18px"><strong>8. MSPs and RMMs</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Cybercriminals frequently target managed service providers (MSPs) with phishing attacks and by exploiting the remote monitoring and management (RMM) software commonly used by MSPs.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">A successful attack on an MSP can potentially enable cybercriminals to deploy ransomware to the MSP’s entire customer base and put immense pressure on the victim to pay the ransom. In August 2019, 22 towns in Texas were hit with ransomware that spread via MSP tools. Attackers demanded $2.5 million to unlock the encrypted files.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Enable 2FA on RMM software.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">MSPs should be hyper-vigilant regarding phishing scams.</span></li> </ul><p></p><p><span style="font-size: 18px"><strong>9. Network propagation</strong></span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">While older strains of ransomware were only capable of encrypting the local machine they infected, more advanced variants have self-propagating mechanisms that allow them to move laterally to other devices on the network. Successful attacks can cripple entire organizations.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px">Some of the most devastating ransomware attacks in history featured self-propagation mechanisms, including WannaCry, Petya and SamSam.</span></p><p><span style="font-size: 18px"></span></p><p><span style="font-size: 18px"><u>Prevention tips</u></span></p><ul> <li data-xf-list-type="ul"><span style="font-size: 18px">Segment your network and apply the principle of least privilege.</span></li> <li data-xf-list-type="ul"><span style="font-size: 18px">Implement and maintain a reliable ransomware backup strategy.</span></li> </ul><p></p><p><strong>Original Article </strong>: <a href="https://blog.emsisoft.com/en/35083/how-ransomware-spreads-9-most-common-infection-methods-and-how-to-stop-them/?ref=ticker191219" target="_blank">https://blog.emsisoft.com/en/35083/how-ransomware-spreads-9-most-common-infection-methods-and-how-to-stop-them/?ref=ticker191219</a></p></blockquote><p></p>
[QUOTE="Sam Walton, post: 25024749, member: 566130"] [B][SIZE="6"]How ransomware spreads: 9 most common infection methods and how to stop them [/SIZE][/B] [SIZE="5"]Cybercriminals are looking for creative new ways to hold your data hostage. [B]Other Useful Threads:[/B] [url]http://www.elakiri.com/forum/showthread.php?p=24602081#post24602081[/url] [url]http://www.elakiri.com/forum/showthread.php?p=24622231#post24622231[/url] [B]1. Email attachments[/B] Ransomware is commonly distributed via emails that encourage the recipient to open a malicious attachment. The file can be delivered in a variety of formats, including a ZIP file, PDF, Word document, Excel spreadsheet and more. Once the attachment is opened, the ransomware may be deployed immediately; in other situations, attackers may wait days, weeks or even months after infection to encrypt the victim’s files, as was the case in the Emotet/Trickbot attacks. [U]Prevention tips[/U] [LIST] [*]Only open attachments from trusted senders. [*]Check that the sender’s email address is correct. Remember that domain names and display names can easily be spoofed. [*]Do not open attachments that require you to enable macros. If you believe the attachment is legitimate, seek guidance from your IT Department. [*]Read this guide for more information on how to avoid phishing emails. [/LIST] [B]2. Malicious URLs[/B] Attackers also use emails and social media platforms to distribute ransomware by inserting malicious links into messages. During Q3 2019, almost 1 in 4 ransomware attacks used email phishing as an attack vector, according to figures from Coveware. To encourage you to click on the malicious links, the messages are usually worded in a way that evokes a sense of urgency or intrigue. Clicking on the link triggers the download of ransomware, which encrypts your system and holds your data for ransom. [U]Prevention tips[/U] [LIST] [*]Be wary of all links embedded in emails and direct messages. [*]Double-check URLs by hovering over the link before clicking. [*]Use CheckShortURL to expand shortened URLs. [*]Manually enter links into your browser to avoid clicking on phishing links. [/LIST] [B]3. Malvertising[/B] Malvertising (malicious advertising) is becoming an increasingly popular method of ransomware delivery. Malvertising takes advantage of the same tools and infrastructures used to display legitimate ads on the web. Typically, attackers purchase ad space, which is linked to an exploit kit. The ad might be a provocative image, a message notification or an offer for free software. When you click on the ad, the exploit kit scans your system for information about its software, operating system, browser details and more. If the exploit kit detects a vulnerability, it attempts to install ransomware on the user’s machine. Many major ransomware attacks spread through malvertising, including CryptoWall and Sodinokibi. [U]Prevention tips[/U] [LIST] [*]Keep your operating system, applications and web browsers up to date. [*]Disable plugins you don’t regularly use. [*]Use an ad blocker. The Emsisoft lab team recommends uBlock Origin. [*]Enable click-to-play plugins on your web browser, which prevents plugins such as Flash and Java from running automatically. A lot of malvertising relies on exploiting these plugins. [/LIST] [B]4. Drive-by downloads[/B] A drive-by download is any download that occurs without your knowledge. Ransomware distributors make use of drive-by downloads by either hosting the malicious content on their own site or, more commonly, injecting it into legitimate websites by exploiting known vulnerabilities. When you visit the infected website, the malicious content analyzes your device for specific vulnerabilities and automatically executes the ransomware in the background. Unlike many other attack vectors, drive-by downloads don’t require any input from the user. You don’t have to click on anything, you don’t have to install anything and you don’t have to open a malicious attachment – visiting an infected website is all it takes to become infected. [U]Prevention tips[/U] [LIST] [*]Always install the latest software security patches. [*]Remove unnecessary browser plugins. [*]Install an ad-blocker such as uBlock Origin. [/LIST] [B][SIZE="6"]5. Pirated software[/SIZE][/B] Ransomware is known to spread through pirated software. Some cracked software also comes bundled with adware, which may be hiding ransomware, as was the case in the recent STOP Djvu campaign (free decryptor available here). In addition, websites that host pirated software may be more susceptible to malvertising or drive-by downloads. The use of pirated software may also indirectly increase the risk of ransomware infection. Typically, unlicensed software doesn’t receive official updates from the developer, which means users may miss out on critical security patches that can be exploited by attackers. [U]Prevention tips[/U] [LIST] [*]Avoid using pirated software. [*]Don’t visit websites that h[B][U]ost pirated software, cracks, activators or key generators.[/U][/B] [*]Be careful of software deals that are too good to be true. [/LIST] [B] 6. USB drives and portable computers[/B] USB drives and portable computers are a common delivery vehicle for ransomware. Connecting an infected device can lead to ransomware encrypting the local machine and potentially spreading across the network. Typically this is inadvertent – a member of staff unwittingly plugs in an infected USB drive, which encrypts their endpoint – but it can also be deliberate. For example, a few years ago, residents of Pakenham, a suburb in Melbourne, discovered unmarked USB drives in their mailboxes. The drives contained ransomware masquerading as a promotional offer from Netflix. [U]Prevention tips[/U] [LIST] [*]Never plug in unknown devices to your computer. [*]Don’t plug in your devices to shared public systems such as photo-printing kiosks and computers at Internet cafes. [*]Businesses should implement and maintain robust BYOD security policies. [*]Use reputable antivirus software that can scan and protect removable drives. [/LIST] [B]7. Remote desktop protocol[/B] RDP, a communications protocol that allows you to connect to another computer over a network connection, is another popular attack vector. Some examples of ransomware that spread via RDP include SamSam, Dharma and GandCrab, among many others. By default, RDP receives connection requests through port 3389. Cybercriminals take advantage of this by using port-scanners to scour the Internet for computers with exposed ports. They then attempt to gain access to the machine by exploiting security vulnerabilities or using brute force attacks to crack the machine’s login credentials. Once the attacker has gained access to the machine, they can do more or less anything they wish. Typically this involves disabling your antivirus software and other security solutions, deleting accessible backups and deploying the ransomware. They may also leave a backdoor they can use in the future. [U]Prevention tips[/U] [LIST] [*]Use strong passwords. [*]Change the RDP port from the default port 3389. [*]Only enable RDP if necessary. [*]Use a VPN. [*]Enable 2FA for remote sessions. [/LIST] [B]8. MSPs and RMMs[/B] Cybercriminals frequently target managed service providers (MSPs) with phishing attacks and by exploiting the remote monitoring and management (RMM) software commonly used by MSPs. A successful attack on an MSP can potentially enable cybercriminals to deploy ransomware to the MSP’s entire customer base and put immense pressure on the victim to pay the ransom. In August 2019, 22 towns in Texas were hit with ransomware that spread via MSP tools. Attackers demanded $2.5 million to unlock the encrypted files. [U]Prevention tips[/U] [LIST] [*]Enable 2FA on RMM software. [*]MSPs should be hyper-vigilant regarding phishing scams.[/LIST] [B]9. Network propagation[/B] While older strains of ransomware were only capable of encrypting the local machine they infected, more advanced variants have self-propagating mechanisms that allow them to move laterally to other devices on the network. Successful attacks can cripple entire organizations. Some of the most devastating ransomware attacks in history featured self-propagation mechanisms, including WannaCry, Petya and SamSam. [U]Prevention tips[/U] [LIST] [*]Segment your network and apply the principle of least privilege. [*]Implement and maintain a reliable ransomware backup strategy. [/LIST][/SIZE] [B]Original Article [/B]: [url]https://blog.emsisoft.com/en/35083/how-ransomware-spreads-9-most-common-infection-methods-and-how-to-stop-them/?ref=ticker191219[/url] [/QUOTE]
Insert quotes…
Verification
Asuwa dahayen wadi kalama keeyada?
Post reply
Top
Bottom