What are some of the ways ransomware is spread quizlet?

Ransomware is a form of malware that encrypts files on a victim’s computer, rendering them inaccessible. The attacker then demands a ransom payment in exchange for the decryption key to restore access to the files. Ransomware has become a lucrative criminal enterprise, with estimates of over $1 billion paid in ransoms in 2016 alone. There are several common vectors through which ransomware is spread.

Email Phishing

One of the most common ways ransomware finds its way onto computers is through phishing emails containing malicious attachments or links. The email will contain content designed to get the user to click and activate the malware.

Common phishing email themes include:

  • Fake invoices or bills
  • Delivery notifications
  • Job applications
  • Security alerts

Once activated, the ransomware can rapidly encrypt files on the local system and any connected drives or network shares. Users should be suspicious of unsolicited emails asking them to open attachments or click links.

Infected Websites

Malvertising refers to malicious ads used to spread malware through legitimate ad networks and websites. Ransomware operators will pay to have tainted ads run on trusted sites. When a user clicks on one of these ads, code is executed to download and install ransomware onto their computer without their knowledge.

Similarly, some websites are themselves compromised and made to serve malicious code that infects visitors. Known as watering hole attacks, these are targeted attempts to breach a specific group by infecting websites its members frequent. Users should keep browsers and plug-ins up-to-date and avoid clicking suspicious ads or pop-ups.

Software Bundling

Some shady download sites bundle ransomware in with the installation of other legitimate free software. The user intends to only install the free program but unintentionally infects their system with ransomware at the same time. Only reputable sites and sources should be used to download software.

Drive-By-Downloads

Drive-by-downloads occur when visiting a compromised website causes ransomware to automatically download onto the computer without any action required on the user’s part. This relies on security vulnerabilities in web browsers and their plugins. Keeping software patched and updated can mitigate this vector.

Remote Desktop Protocol

Poorly secured Remote Desktop Protocol (RDP) connections can allow attackers to remotely access systems and install ransomware. Brute forcing weak credentials is a common means to gain access. Two-factor authentication should be used on RDP alongside strong passwords.
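One way to spot the brute forcing described above is to count failed RDP logons per source address in a short window and check whether a success follows. This is an added example, not part of the original article; the events are constructed sample data, and the threshold and window are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like fields exported from the Windows
# Security log: (timestamp, event_id, logon_type, source_ip, account).
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 is logged for RDP with NLA.
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-10T02:00:03", 4625, 3, "203.0.113.7", "admin"),
    ("2024-01-10T02:00:05", 4625, 3, "203.0.113.7", "backup_svc"),
    ("2024-01-10T02:00:08", 4625, 3, "203.0.113.7", "backup_svc"),
    ("2024-01-10T02:00:11", 4625, 3, "203.0.113.7", "backup_svc"),
    ("2024-01-10T02:00:40", 4624, 10, "203.0.113.7", "backup_svc"),
    ("2024-01-10T08:59:50", 4625, 10, "198.51.100.20", "jsmith"),
    ("2024-01-10T09:00:05", 4624, 10, "198.51.100.20", "jsmith"),
    ("2024-01-10T09:10:00", 4625, 2, "-", "jsmith"),  # console logon, ignored
]

RDP_LOGON_TYPES = {3, 10}


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on sources with >= threshold failed RDP logons inside window.

    Each alert also records the first account that logged on successfully
    from the same source afterwards, the sign that a guess worked.
    """
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = {}                  # source_ip -> alert record
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures = recent[src]
            failures.append(when)
            while when - failures[0] > window:  # drop failures outside window
                failures.popleft()
            if len(failures) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts,
                               "success_after": None}
        elif event_id == 4624 and src in alerts:
            if alerts[src]["success_after"] is None:
                alerts[src]["success_after"] = account
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert with a non-empty `success_after` is the case to escalate first, since it means a guessed credential was accepted.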

Software Vulnerabilities

Exploits targeting vulnerabilities in operating systems and applications can allow ransomware to be installed when a user visits a malicious site or opens a tainted file. The WannaCry and NotPetya outbreaks partially relied on exploiting vulnerabilities that had patches available, but systems that had not applied the patches were exposed. Prompt patching is key.

Malicious Macros

Microsoft Office documents with malicious macros embedded can install ransomware when opened. The macros are often delivered through phishing emails. Users should be very suspicious of documents asking them to enable macros, especially from unknown senders.
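A mail gateway or triage script can check attachments for macros before a user ever sees the "enable macros" prompt. The sketch below is an added example, not from the original article: it looks for the VBA project part inside OOXML files and flags legacy binary documents for deeper inspection. The verdict labels and the `build_sample` helper are hypothetical.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def classify_office_attachment(filename, data):
    """Return (verdict, reason) for an attachment given its name and raw bytes.

    Verdict labels are hypothetical policy outcomes for this example.
    """
    name = filename.lower()
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can carry macros; confirming needs an OLE parser.
        return ("review", "legacy OLE2 document, macros possible")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ("not-office", "neither OOXML (zip) nor OLE2")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m.lower() for m in zf.namelist()]
    if "[content_types].xml" not in members:
        return ("not-office", "zip archive without OOXML content types")
    # Macro-enabled OOXML stores its VBA in word/, xl/ or ppt/ vbaProject.bin.
    vba_parts = [m for m in members if m.endswith("vbaproject.bin")]
    if not vba_parts:
        return ("clean", "no VBA project part")
    if name.endswith(MACRO_FREE_EXTENSIONS):
        # The extension promises a macro-free file, but the content disagrees.
        return ("block", "VBA project inside a macro-free extension: " + vba_parts[0])
    return ("quarantine", "macro-enabled document: " + vba_parts[0])


def build_sample(with_macro):
    """Build a minimal OOXML-shaped zip in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_office_attachment("invoice.docm", build_sample(True)))
    print(classify_office_attachment("report.docx", build_sample(False)))
```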

Network Propagation

Some ransomware variants have worm-like features that allow them to self-propagate across networks by exploiting vulnerabilities like those used by the EternalBlue NSA exploit leaked by the Shadow Brokers hacker group. Keeping systems fully patched prevents network spread.

Compromised Credentials

If an attacker gains access to login credentials through breached databases or password reuse, they can log in remotely and install ransomware. Using password managers and enabling multi-factor authentication can reduce this threat.

Mitigation Strategies

There are several best practices individuals and organizations can employ to reduce the risk of ransomware infection:

  • Install and use antivirus software to detect known ransomware.
  • Keep all software up-to-date with the latest patches.
  • Exercise caution with emails and do not enable macros in Office docs.
  • Back up critical files regularly and keep a copy offline.
  • Use ad and script blocking browser extensions.
  • Restrict execution of macros in Office programs.
  • Disable RDP connections if not needed or require strong passwords.

Ransomware may be installed through a variety of vectors, with phishing emails and visiting malicious sites among the most prevalent. Users should exercise caution online and deploy layered security controls to reduce their exposure and impact if infected.

Ransomware Strains

There are numerous strains of ransomware that cybercriminals deploy, with new families constantly being developed. Some of the major strains include:

LockerGoga

Targets large enterprises, encrypting entire networks by compromising system administrators’ credentials.

Ryuk

Used in tailored, targeted attacks on large organizations over long periods.

STOP/Djvu

Prolific ransomware responsible for infecting millions of PCs.

Sodinokibi

Initial infection via exploit kits, then spreads across networks. Operators auction off access.

SamSam

Manual deployments through RDP, exploits Java and IIS vulnerabilities.

CryptoLocker

Early ransomware spread by email attachments, now mostly shut down.

WannaCry

Notorious 2017 outbreak exploiting Windows SMB vulnerability on unpatched systems.

NotPetya

Wiper disguised as ransomware. Caused massive disruption globally in 2017.

Cerber

Prolific ransomware-as-a-service allowing custom campaigns.

These are just a sample of the 100+ ransomware strains active today. New variants continue to surface as attackers refine techniques and code capabilities.

Recent Trends

Some developments related to ransomware attacks in recent years include:

  • Increased targeting of businesses over individual consumers.
  • Larger ransom demands, sometimes into the millions of dollars.
  • Exposure of data as well as encryption threats.
  • Ransomware-as-a-service lowering barrier to entry.
  • Cryptocurrency enabling hard-to-trace ransom payments.
  • Double extortion tactics threatening to publish data.

Attackers are getting more sophisticated and profit-driven. Some offer ransomware kits for subscription fees, allowing greater scale of attacks. The consequences of ransomware continue to rise for all sectors.

Most Common Ransomware Targets

Although ransomware campaigns cast a wide net, some sectors are more likely to be victimized. Favored targets include:

  • Healthcare
  • Education
  • State and local government
  • Finance
  • Manufacturing
  • Energy
  • Transportation

These industries often have sensitive data at stake, inadequate security postures, and a low tolerance for disruption, making them ideal ransomware targets. Attacks in 2021 highlighted the particular susceptibility of the healthcare sector to ransomware operations.

Ransomware Statistics

Key statistics about the ransomware landscape today include:

  • 205.4 million ransomware attacks detected globally in the first half of 2022 (SonicWall)
  • 78% of businesses experienced a ransomware attack in the previous 12 months (ThreatLocker)
  • Average ransom payment was $118,429 in 2020 (Unit 42)
  • Total ransoms paid jumped 82% YoY in 2020 (Unit 42)
  • 61% of malware in 2020 was ransomware (PurpleSec)
  • 91% of cyber insurance claims in 2020 were related to ransomware (Coalition)

The frequency and impact of attacks continue to accelerate. The FBI received over 2,400 ransomware complaints with losses exceeding $29.1 million in 2021 alone. Companies and agencies need to implement safeguards and incident response plans to manage this growing threat.

Notable Ransomware Attacks

Some high-profile ransomware attacks include:

Colonial Pipeline – 2021

Shut down a major US fuel pipeline for nearly a week, causing shortages and panic buying on the East Coast. The company paid a $4.4 million ransom.

JBS – 2021

Forced meat processing giant to halt operations at plants globally. JBS paid an $11 million ransom.

Kaseya – 2021

Breach of Kaseya’s VSA software allowed REvil ransomware to compromise up to 1,500 downstream businesses.

Ireland’s Health Service – 2021

Ransomware attack encrypted systems across Ireland’s national healthcare system, causing major care disruptions.

Garmin – 2020

WastedLocker ransomware knocked Garmin’s website, customer support, and production offline for days.

Travelex – 2020

Attack on the foreign currency exchange company left Travelex offline for a month.

These examples illustrate how ransomware can create massive disruption even in large enterprises. The trend underscores the importance of ransomware defenses and planning.

Conclusion

Ransomware remains a severe threat to individuals, businesses, and government entities globally. Attackers employ a variety of technical and social engineering tactics to infect systems and then encrypt valuable data for financial gain. Continuing ransomware trends include larger ransom demands, sophisticated extortion tactics, and the targeting of entire networks and supply chains.

Organizations must implement layered defenses to detect and respond to ransomware attacks in a timely manner. Preventive controls, ongoing employee training, and reliable backups are key elements of an effective security program. Combating modern ransomware campaigns requires constant vigilance.
