Ransomware is a type of malware that encrypts a victim’s files and demands a ransom to decrypt them. If an organization falls victim to a ransomware attack, it can result in significant business interruption and financial loss.
As one of the most prevalent forms of cybercrime, ransomware attacks have been affecting organizations of all sizes across all industries. These attacks cost businesses an estimated $20 billion in 2021 alone, which doesn’t account for profits lost to downtime and related expenses after a cyber incident occurs.
Here are three examples of tactics used by cyber criminals to orchestrate ransomware attacks: phishing scams, drive-by downloads, and software or network exploits.
Phishing Scams
Phishing can arrive as an email, text message, instant message, or even a phone call. The attacker poses as someone the target knows personally, or as a trusted, legitimate entity, and attempts to steal information, usually login credentials, that can help them invade a company’s network.
These phishing scams rely on social engineering. They attempt to instill fear in an individual in the hope that the person will panic and provide personal or confidential information without stopping to think their actions through or confirm the identity of the person with whom they believe they are corresponding.
For example, a phishing email could spoof an email from your HR department’s benefits portal, telling you that if you don’t log in and confirm your elections immediately, you will not be eligible for health insurance coverage. In a panic, you click the link in the email and log in to the fake website, giving your credentials to the scammer, who can use them to access your company’s network.
Or, an IM could spoof your boss’s administrative assistant (the scammer having looked up the person’s name and title on LinkedIn), telling you that your boss needs you to click the included link immediately and review suspicious activity on your company credit card, or it will be frozen and you could be charged with fraud. Alarmed, you log in to the fake website with the same credentials that you use to log in to your company’s VPN, and now the scammer can log in to the VPN too, and from there initiate a ransomware attack.
Drive-by Downloads
A drive-by download, per the UC Berkeley Information Security Office, “occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.”
This type of cyberattack is especially insidious because you may not realize it has happened until it’s too late.
Typically, this type of attack will occur in the same manner as a phishing scam. You will get an email, text, or IM purportedly from a legitimate source, directing you to click a specific link within the message to complete an activity: verifying personal information, taking a survey, or downloading a business document.
The website you visit will be fake, and it will surreptitiously download malware onto your physical machine, leaving it vulnerable to hackers who can access your company’s network via your device and launch a ransomware attack.
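Both the phishing and drive-by scenarios above begin with a link in a message that leads somewhere other than where it claims. The following check is an added example, not part of the original article: it flags links in an HTML message body whose visible text names one domain while the href points to another, or whose host merely embeds a trusted name. The trusted domain, the sample message, and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organization actually uses (constructed value).
TRUSTED_DOMAINS = {"example.com"}

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registered(host):
    # Simplification: last two labels; a production check would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return a list of (href, reason) for links that deserve a second look."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not host:
            continue
        # Does the visible link text itself look like a domain name?
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and _registered(shown.group(0)) != _registered(host):
            findings.append((href, "visible text names a different domain"))
        elif _registered(host) not in trusted and any(
                t.split(".")[0] in host.lower() for t in trusted):
            findings.append((href, "trusted name embedded in untrusted host"))
    return findings

# Constructed sample message body: two deceptive links, one genuine.
SAMPLE = """<a href="https://benefits.example.com.hr-portal.test/login">benefits.example.com</a>
<a href="https://example.com-benefits.test/verify">Review now</a>
<a href="https://benefits.example.com/plans">benefits.example.com</a>"""
```

Calling audit_links(SAMPLE) returns the first two links with the reason each was flagged; the genuine third link is not reported.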
Software or Network Exploits
Ransomware attacks can also occur if hackers are able to exploit a vulnerability inherent in a company’s network or their enterprise software applications. Often, software providers will discover these susceptible points and release patches to eliminate the vulnerability, but these fixes only work if the software in question is updated regularly, which doesn’t always happen in a corporate environment – especially one with lax cybersecurity.
For example, according to IT news site ZDTech, an undisclosed company fell victim to a ransomware attack due to a network security vulnerability. The software provider in question had identified the flaw and had released a fix for it, but the company in question hadn’t installed security updates for this software in three years, allowing the cyber criminals to exploit the known defect.
From there, the hackers obtained login and verification credentials, accessed the network, and deployed a ransomware attack – one that could have been easily prevented with annual software updates and maintenance.
How to Protect Your Business from Ransomware Attacks
Despite the risks, many organizations do not have adequate defenses in place to protect themselves against cyber attacks. In many cases, this is due to information overload – there are so many different considerations and elements to a solid cybersecurity defense that it is hard to know where to start, or what should take priority.
We’ve written multiple articles about the different aspects of cybersecurity to help organizations learn about various issues, such as:
If the prospect of updating your company’s cybersecurity protocols is still too daunting, your best bet is to consult a professional. Socium Solutions can assess your current cybersecurity setup and defenses and recommend steps and strategies to cover any shortfalls.
If needed, they can also assist in implementing the recommended measures, training your IT team and/or employees in cyberattack prevention, or even managing your cybersecurity defenses completely.
Don’t fall victim to a ransomware attack due to lack of preparation or training. Contact us today so we can help you protect your company, your network, and your employees.