How does ransomware spread through a network?

Ransomware can spread through your organization in different ways, including:

1. Compromised credentials

The easiest and fastest way for hackers to break into your network is through compromised credentials. With credentials readily available on the Dark Web or via Network Access Brokers (also known as Initial Access Brokers), threat actors can quickly impersonate an authorized user and gain access to critical systems and data.

2. Email attachments

Ransomware can start with phishing emails. Attackers can extensively research your employees’ and executives’ information available on the surface, deep, and dark web, as well as social media, to create a credible-looking email that members of your staff will feel compelled to open.

These phishing emails may contain malicious attachments. Once you open the attachment, the ransomware can encrypt your files.

3. Drive-by download

A user visits an infected website, which triggers a malware download without their knowledge and with no further interaction on their part. An employee simply has to visit an infected site for the ransomware to be injected into their device.

4. Malicious links

Malicious links can be embedded in phishing emails or smishing text messages, compromised websites and/or malicious social media profiles. These links are often accompanied by an urgent message, which encourages users to click on them. Once the user clicks on the link, the ransomware is downloaded.

5. Malvertising

As part of malvertising, ransomware attackers buy advertising space on high-traffic, legitimate websites. They then place advertisements that entice users to click on them. These ads are connected to an exploit kit, which targets unpatched vulnerabilities on a device or app.

Kevin M. Risinger