How hackers infect computers with ransomware


Bitdefender describes the typical gateways for extortion attacks and five ways hackers infect machines with ransomware: pirated software, phishing, supply chain compromise, IoT devices, and tech support scams.

Ransomware attacks are now commonplace. Most of the time, companies are the target, because that is where the big money beckons. But that doesn't mean private users are safe. Cybercriminals also rely on volume and a continuous income from smaller amounts, and such attacks against consumers are increasing. Potential victims should therefore know the most important attack vectors.

5 Pathways of a Typical Ransomware Attack

Bitdefender lists below five ways in which hackers get their data-encrypting malware onto victims' hardware.

Warez sites, torrents, cracked software

Some of the most common places to get infected with ransomware are on warez sites and torrents. Here, users usually download pirated content or unofficial software bundles that are not verified by official sources. These already questionable channels are the perfect opportunity for ransomware to sneak in unnoticed. A popular computer game or video content serves as a trusted front for infected software packages used to install the ransomware itself.

Remedy: hands off!

Pirated software is fundamentally problematic and also carries an incalculable risk of ransomware. The only advice is to stay away from it.

Phishing (emails)

Arguably the most popular attack vector for all types of cyberattacks, phishing is a common method for placing ransomware on computers. The attacks are becoming more professional and harder for many users to recognize. For example, attackers build deceptively realistic copies of legitimate websites. Alternatively, they use spam messages to trick unsuspecting victims into clicking a link to claim a supposed prize, or into downloading and opening attachments.

Remedy: Check all offers

The attackers often give themselves away through small details in their branding or correspondence. An incorrect address can be an important clue. It is also advisable to contact the company through another channel to rule out an attempt at fraud. The more attractive the offer, the more careful users should be.

Supply Chain

But even downloading official software can bring a nasty malware surprise. Some attackers succeed in compromising the supply chain, and thus official software releases, with ransomware by exploiting a vulnerability at the official software provider. A possible example would be a popular freeware video player such as VLC.

That sounds unlikely, but it happens all the time. The most famous example is the KeRanger ransomware strain, which primarily attacks Macs via a popular BitTorrent client: in 2016, hackers managed to break into The Transmission Project and infected the official Transmission binary build with KeRanger ransomware. Because Transmission's security certificate was valid and OS X verified it, the cybercriminals were able to circumvent OS X's own XProtect antivirus technology. Users installed the ransomware-infected Transmission app themselves.

Remedy: security software

It is rare, but users can still pick up ransomware even when every precaution is taken. For these rare but expensive cases, a modern security solution on the computer offers the necessary protection, regardless of the operating system.

Unprotected IoT devices

The Internet of Things, which private users are adopting more and more, also poses a risk. An unpatched or misconfigured router opens the door to attackers. Attackers scan the Internet automatically for vulnerable routers and the systems installed behind them. With specialized tools this takes little effort, so they can automatically and profitably attack a large number of systems.

Even more common, however, are inadequately protected or misconfigured network storage devices (Network Attached Storage, NAS). Recently, for example, users of QNAP NAS devices have increasingly been targeted by attackers, who exploit either unprotected shares or vulnerabilities in the product itself.

Remedy: Safety-conscious purchase

In general, anyone who uses such hardware should always follow the manufacturer's security recommendations and keep the firmware up to date. If neither of these, nor security certifications, is available, it is better not to buy such systems. If there is reason to believe that attackers are exploiting a zero-day vulnerability, users should place the device behind a firewall and isolate it from the internet until the problem is resolved.

Tech Support Scam

Another way of spreading ransomware is the so-called tech support scam. Fraudsters are particularly targeting older people and other vulnerable target groups. They convince their victims that they need technical assistance and that they need to grant them remote access to their computers for that purpose.

Tech support scammers do not necessarily use actual ransomware to launch their ransomware attacks. Instead, they use Syskey, a now deprecated Windows NT component that encrypts the Security Account Manager (SAM) database with a 128-bit RC4 key. It was only discontinued decades later with Windows 10, because its encryption was no longer secure and it had been repeatedly misused for ransomware attacks. But users should not be fooled: support scammers also resort to real ransomware, and they don't miss an opportunity to encrypt your data.

Remedy: Caution!

Distrust is half the battle in preventing such attacks. Common sense says: as a rule, you notice problems on your own PC yourself first, and an unsolicited call from a stranger is highly unusual. Reputable providers do not knock on consumers' doors uninvited. Anyone who knows older or young people should point out that it is better to block such contacts from the outset. If you have problems, the manufacturer's support or a specialist shop is the right choice.

More at Bitdefender.com

About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de

