How Does Ransomware Spread?

Ransomware is a type of malware that locks you out of the files on your computer until you pay a ransom.

It might sound like a new type of malware, but it has been around for longer than many believe. The first known ransomware was the AIDS Trojan back in 1989. The victims were asked to mail money to an address in Panama. The perpetrator of this attack was a biologist. He claimed that the proceeds were used to fund research on AIDS, the immune disease. He was caught but managed to avoid jail time.

Ransomware attacks have become more popular because of another, unrelated factor: the growing popularity of Bitcoin. If you are a victim and your data has been taken hostage, consider options like using a decryptor or working with the authorities.

With older methods of payment, hackers could not perform large-scale attacks because it was easier for law enforcement to follow the money. With Bitcoin, tracing the money is harder (nearly impossible), so cybercriminals can evade law enforcement more easily. No wonder the number of ransomware attacks grew in 2017, and it will continue to increase.

Below are the ways in which ransomware attacks spread:

  • Through security vulnerabilities
  • Email and private messaging
  • Malvertising

System Vulnerabilities

If you’ve heard about ransomware, chances are high that you have heard of WannaCry. It is the single attack that made ransomware a household name. Before it, the general public was not so aware.

After the attack, security analysts tried to trace it and found out that the victims had failed to update Windows.

Two months before the attacks, Microsoft had released patches that fixed the vulnerability.

System vulnerabilities are usually weaknesses in the design of the software or operating system. If an attacker is aware of a vulnerability and can reach it, then they can conduct attacks. This is how the WannaCry attack was carried out.

The scary part about vulnerabilities is that hackers can exploit them to conduct many attacks or create backdoors on your PC. However, researchers keep finding vulnerabilities and vendors create patches to make their products more secure.

So if you regularly update your software and operating system, your computer is not as vulnerable as that of someone who does not.

Email and Social Media Messages

This is the most effective and common way ransomware can spread. Emails and private messages come with links to the malware download.

Cybercriminals are getting more creative by the day, too. Nowadays they send emails that look like they come from reputable companies or government departments. The link in the mail looks like it will direct you to their websites.

If you did not expect the mail, do not click a link. Visit the website by typing the address. Also, most attackers use poor English and the emails will look suspicious because they don’t address you by name the way most corporate emails usually do.

Social media messages have also become useful for cybercrime. Consider malware that takes control of Facebook accounts and sends the same link to everyone on the friends list. Friends receive a message from you and trustingly click on the links believing you have sent the message.

To avoid falling for this kind of attack, avoid opening any links you were not expecting. You can reply to the friend to ask them if they specifically sent the link or randomly forwarded it.

Malvertising

Malvertising is a portmanteau of malware and advertising. It means that advertisements are laden with malware. Google blocks many malicious adverts every year because hackers go as far as buying ads.

How it works

Most websites rely on ads for revenue, especially reputable news sites. Criminals know this and they sign up to buy ads on such sites. They disguise the ads to look legitimate but they are packing malware.

Either of two things can happen after you click the ad. It can direct you to a page that automatically downloads ransomware onto your PC, even if you did not click on any item on the page. This is an advanced type of attack, often called a drive-by download.

In less sophisticated attacks, you might need to click on a link in the malicious site for the download to start. Either way, the prospects are grim for internet users. But there is a way out.

Protect yourself

You might not be able to prevent a drive-by download, but you can make sure your PC is well prepared to combat it by using a powerful anti-malware program and keeping all your software and the operating system updated.

Beyond that, you can refine browsing habits and use ad blockers. Some websites will ask you to disable ad blockers if you want to view their content.

Conclusion

Cybercriminals are doing their best to access your computer and take files hostage. Security companies are doing their best to create reliable protection from ransomware attacks. Now you know some of the tactics criminals are using to get to you.

Take basic security measures such as getting an anti-malware program and updating the system. Then avoid clicking on any suspicious or unsolicited links and you’re likely to avoid ransomware attacks.