April 19, 2018
How is Ransomware Spread?
Ransomware attacks have emerged as a major threat to individuals and businesses alike. When the malware is run, it locks the victim’s files and allows criminals to demand payment to release them.
There are several common types of ransomware, and it is worth maintaining a working knowledge of the evolving landscape. Historically, Microsoft Office, Adobe PDF and image files have been targeted, but McAfee predicts that additional types of files will become targets as ransomware continues to evolve. Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cybercriminals typically request payment in the form of a cryptocurrency like bitcoin. The standard rate is about $500, though we’ve seen much higher. Cybercriminals behind ransomware attacks typically focus on wealthy countries and cities where people and businesses can afford to pay the ransom.
Spam is the most common method for distributing ransomware. It is generally spread using some form of social engineering: victims are tricked into downloading an e-mail attachment or clicking a link. A fake email message might appear to be a note from a friend or colleague asking the user to check out an attached file, for example, or it might appear to come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes ransomware uses scare tactics, such as claiming that the computer has been used for illegal activities, to coerce victims. Once the user takes the requested action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click.
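As an added example (not part of the original article), here is the kind of attachment triage a mail gateway or SOC script can apply to the attachment-based lures described above. The list of risky extensions and the sample message are constructed for illustration, and the heuristics are meant to surface messages for review rather than to block them outright:

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment types commonly abused as ransomware loaders.
# This list is an assumption for the example, not taken from the article.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".jar", ".lnk", ".iso",
                    ".docm", ".xlsm", ".pptm"}


def attachment_findings(raw_message: bytes) -> list[str]:
    """Return human-readable reasons why an inbound e-mail's attachments look risky.

    Two simple heuristics are applied to every attachment:
      - a "double extension" such as invoice.pdf.exe, used to disguise executables
      - a final extension that is executable or macro-enabled (RISKY_EXTENSIONS)
    A message with no attachments yields an empty list.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name:
            continue
        pieces = name.split(".")
        if len(pieces) > 2:
            findings.append(f"{name}: double extension")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"{name}: risky extension {ext}")
    return findings


def build_sample() -> bytes:
    """Constructed sample lure resembling the 'attached invoice' pretext (not a real message)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please review the attached invoice.")
    # Placeholder payloads: a fake executable, a macro-enabled workbook and a benign PDF.
    msg.add_attachment(b"MZ-placeholder", maintype="application", subtype="octet-stream",
                       filename="Invoice_2018.pdf.exe")
    msg.add_attachment(b"workbook-placeholder", maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="report.xlsm")
    msg.add_attachment(b"%PDF-placeholder", maintype="application", subtype="pdf",
                       filename="clean.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for finding in attachment_findings(build_sample()):
        print(finding)
```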
Another common method for spreading ransomware is a software package known as an exploit kit. These packages are designed to identify vulnerabilities in the visitor's browser or plugins and exploit them to install ransomware. In this type of attack, attackers plant code on a legitimate website that redirects visitors to a malicious site hosting the kit. Unlike the spam method, this approach sometimes requires no additional action from the victim beyond loading the page. This is referred to as a “drive-by download” attack.