Ransomware is malware designed to break into a system, in some cases extract, and encrypt the victim’s data. The encryption makes the files inaccessible, and a ransom is charged so that the victim can access their files again.
Hackers always target companies with large amounts of data on their servers; the more data that is encrypted, the higher the ransom. Therefore, the main targets of attacks are servers, virtual machines, NAS, DAS and SAN storage, RAID systems, databases and others. In short, every device that stores data is a target for criminals.
Although ransomware groups are extremely sophisticated in their attacks, they have to overcome barriers that are not at all easy, the main one being breaking into the victim’s system. Companies have invested heavily in firewalls, antivirus, anti-ransomware and, above all, in training for their employees. For this reason, criminals have created strategies to circumvent these defences.
Forms of Ransomware Attacks
Although there is all this investment in security, none of it guarantees 100 per cent data security, and hackers take advantage of these loopholes for their attacks. Let’s take a look at the main tactics they use to break into their victim’s network.
Via RDP (Remote Desktop Protocol)
RDP is a Windows protocol for remote access. Hacker groups use brute-force attacks against it to access the network and take it over, and then install ransomware.
It is necessary to develop protocols for remote access, and to limit the users that can access them, as well as having strong passwords. This tactic is used to attack specific targets.
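A defender's view of the brute-force pattern described above, as an added example that is not part of the original article. It flags sources with repeated failed remote logons (Windows Security Event ID 4625, logon types 3 and 10) and marks a later success (4624) from the same source. The log line format, the sample lines, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical export format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 EventID=4625 LogonType=3 User=administrator Src=203.0.113.7
2024-05-01T10:00:03 EventID=4625 LogonType=3 User=admin Src=203.0.113.7
2024-05-01T10:00:05 EventID=4625 LogonType=10 User=backup Src=203.0.113.7
2024-05-01T10:00:09 EventID=4625 LogonType=3 User=svc_sql Src=203.0.113.7
2024-05-01T10:00:12 EventID=4625 LogonType=3 User=administrator Src=203.0.113.7
2024-05-01T10:02:30 EventID=4625 LogonType=10 User=jsmith Src=198.51.100.20
2024-05-01T10:02:50 EventID=4624 LogonType=10 User=jsmith Src=198.51.100.20
2024-05-01T10:04:40 EventID=4624 LogonType=10 User=administrator Src=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$")
REMOTE_LOGON_TYPES = {"3", "10"}  # Network (RDP with NLA), RemoteInteractive

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src: {"users": set, "compromised": user or None}} for sources
    with at least `threshold` failed remote logons inside a sliding window."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["lt"] not in REMOTE_LOGON_TYPES:
            continue  # skip malformed lines and non-remote logons
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()  # expire failures that fell out of the window
        if m["eid"] == "4625":  # failed logon
            q.append((ts, m["user"]))
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"users": set(), "compromised": None})
                a["users"].update(user for _, user in q)
        elif m["eid"] == "4624" and src in alerts and q:
            # Success shortly after a burst of failures: treat as top priority.
            alerts[src]["compromised"] = m["user"]
    return alerts

if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(src, sorted(info["users"]), "success as:", info["compromised"])
```

A single mistyped password followed by a success, as with the second source in the sample, stays below the threshold and raises no alert.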
Spam e-mail campaigns
Spam email campaigns consist of mass emails containing malicious links or attached documents, the most common of which are Word and Excel documents, PDFs, JPG images and others. The emails are designed to look identical to emails from large companies such as banks, post offices, shops and the like.
This campaign relies on the inattention of the user. The maxim is: never download files from emails from unknown senders. Employee awareness is vital for large companies.
Unofficial/Cracked Programs
You can find almost any program for free on the internet. There may be no charge to download them, but they can cost a much higher price later.
Ransomware groups hide their malware in these programs, and it can manifest itself long after the program has been downloaded, so that the connection with the downloaded program is not evident.
When downloaded, these programs ask the user to disable Windows security. This is like opening the doors of a house for the hijacker to enter.
Never download these programs; always opt for official programs.
Phishing
Phishing is the simplest tactic, but also one of the most dangerous. It is not based on a flaw in the system, but on the inattention of the user, who can divulge a username and password so that the group can break into the system without the resistance of firewalls.
Phishing goes beyond email and can also be used on unsecured websites, such as pop-ups that, once clicked, take users to pages with emergency messages requesting personal information.
Employee awareness is the best countermeasure for this type of tactic.
Employee Grooming
This tactic is one of the most damaging that hackers use, as it has the ability to bring to its knees all the investment the company has made in firewalls, antivirus, training, etc.
Groups have already been identified that have contacted employees through LinkedIn, offering large sums for their credentials.
Conclusion
These are the tactics most commonly used by hackers, but they are not the only ones. There are several groups that look for new avenues to carry out attacks.
Ransomware is a branch of malware whose attacks have increased surprisingly.
The most important precaution is the backup routine. It is not intended to prevent ransomware attacks, but it is a safeguard in case an attack happens.
But even if the backup is encrypted by the ransomware, there is still a way out: the decryption of the ransomware files by RansomHunter.