Ransomware is malware designed to break into a victim's systems, in some cases extract their data, and encrypt it. Once encrypted, the files become inaccessible, and a ransom is demanded in exchange for restoring access.
Hackers target companies with large amounts of data on their servers: the more data encrypted, the higher the ransom. The main targets are therefore servers, virtual machines, NAS storage, DAS, SAN, RAID systems, databases, and others. In short, every device that stores data is a target for criminals.
Even though ransomware groups are extremely sophisticated in their attacks, there are barriers they need to overcome, and these are not easy. The main one is breaking into the victim's system. Companies have been investing heavily in firewalls, antivirus, anti-ransomware tools, and especially training for their employees.
For this reason, criminals have created strategies to circumvent these defenses.
Forms of Ransomware Attacks
Despite all this investment in security, none of it guarantees 100% data security, and hackers take advantage of the remaining gaps. Let's look at the main tactics they use to invade the victim's network.
Via RDP (Remote Desktop Protocol)
RDP is the Windows protocol for remote access. Hacker groups use brute-force attacks against it to gain access to the network and take it over, then install ransomware.
It is necessary to define policies for remote access, limit the users who can use it, and require strong passwords. This tactic is used to attack specific targets.
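On the defensive side, RDP brute forcing leaves a recognizable trail in the Windows Security log: many failed logons (event 4625) from one source, sometimes followed by a success (event 4624). The sketch below is an added example, not part of the original article; the simplified field names (`id`, `type`, `user`, `ip`), the threshold, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), using simplified field names.
# Windows Security event 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); 3 = Network (seen when NLA is on).
SAMPLE_EVENTS = (
    [{"time": f"2024-01-01T10:00:{s:02d}", "id": 4625, "type": 3,
      "user": "administrator", "ip": "203.0.113.7"} for s in range(0, 48, 4)]
    + [{"time": "2024-01-01T10:00:50", "id": 4624, "type": 10,
        "user": "administrator", "ip": "203.0.113.7"},
       {"time": "2024-01-01T10:01:00", "id": 4625, "type": 10,
        "user": "alice", "ip": "198.51.100.20"},
       {"time": "2024-01-01T10:01:30", "id": 4624, "type": 10,
        "user": "alice", "ip": "198.51.100.20"}]
)

RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {ip: {"failures", "users", "compromised"}} for every source
    with at least `threshold` failed logons inside a sliding time window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] not in RDP_LOGON_TYPES:
            continue
        ts, ip = datetime.fromisoformat(ev["time"]), ev["ip"]
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["id"] == 4625:
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "compromised": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"].add(ev["user"])   # accounts targeted once alerting
        elif ev["id"] == 4624 and ip in alerts and q:
            # A success while failures are still in the window suggests
            # the password was guessed: treat the account as compromised.
            alerts[ip]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A single mistyped password followed by a successful logon (the `alice` records) stays below the threshold and raises no alert.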
Spam e-mail campaigns
Spam email campaigns consist of mass mailings that contain malicious links or attached documents. The attachments are usually the most common file types, such as Word, Excel, PDF, JPG and others.
The emails are designed to look identical to emails from large companies such as banks, post offices, stores, and the like.
This campaign relies on the inattention of the user. The maxim is: never download files from emails from unknown senders. Employee awareness is vital for large companies.
Unofficial/Cracked Programs
You can find almost any program for free on the internet. There may be no charge to download them, but they can cost far more later.
Ransomware groups hide their malware in these programs, and it may only manifest itself long after the program is downloaded, so the connection to the downloaded program is not evident.
When downloaded, these programs ask the user to disable Windows security. This is like opening the door of a house for the intruder to enter.
Never download these programs, always opt for official programs.
Phishing
Phishing is the simplest tactic, but also one of the most dangerous. It does not rely on a system flaw, but rather on the inattention of a user who may give away a username and password, so that the group can break into the system without resistance from firewalls.
Phishing goes beyond email. It can also appear on unsecured sites, for example as pop-ups that, once clicked, take users to pages with urgent messages requesting personal information.
Employee awareness is the best countermeasure for this type of tactic.
Employee Grooming
This tactic is one of the most damaging that hackers use. It can nullify all the investment that the company has made in firewalls, antivirus, training, etc.
Groups have already been identified that contacted employees through LinkedIn, offering large sums for their credentials.
Conclusion
These are the tactics most commonly used by hackers, but they are not the only ones. Several groups are looking for new avenues of attack.
Ransomware is a branch of malware whose attacks have escalated surprisingly; you can never be too careful with security.
The most important precaution is a backup routine. It is not intended to prevent ransomware attacks, but it is a safeguard in case one happens.
But even if the backup is encrypted by the ransomware, there is still a way out: decryption of the ransomware-encrypted files by RansomHunter.