Let’s take a look at the first step in ransomware attacks: how ransomware enters your system.
Before we get into the details, take a look at the graphic attached to this blog. This was produced by CERTNZ and is an amazing resource for educating about ransomware. We’re going to use this graphic over the next few weeks, breaking it down step-by-step so that you understand the ins-and-outs of ransomware and how to protect your technology. (I recommend you keep this graphic for future reference and for educating colleagues and employees.)
This week, we’re looking at the first column of the graphic: Initial Access. In order for a criminal to infect your systems with ransomware, they have to gain access to your technology first. This can happen in a variety of ways, including the following:
1. Phishing and Password Guessing:
The results of phishing and password guessing are essentially the same: a criminal ends up with sensitive login information and uses it illegally. However, the process of gathering that information is different. In phishing, a criminal harvests passwords (or in other contexts, SSNs, bank information, etc.) by sending fraudulent emails that trick the recipient into giving away the information. Password guessing usually is accomplished by brute force trial-and-error guessing. (We’ll talk more about protections in a couple weeks, but if you want to know more about phishing and password guessing, see our earlier blogs.) Phishing and password guessing both allow criminals to gain access to internet-facing systems. Think about these systems as anything you can log into over the internet.
2. Exploiting Software Weaknesses:
Any time you utilize software on your system and allow it to run its programming, you are putting your systems at risk of experiencing the vulnerabilities the particular software experiences. If your data is connected to that software and then that software has a gap in security or gets hacked, your data is vulnerable. Criminals expose those software weaknesses and then attack systems connected to the software. Like phishing and password guessing, this can lead to criminals having access to internet-facing systems.
This attack strategy involves attaching a malicious document/download/link to an email and luring the recipient into opening/downloading the attachment. Essentially, the target is downloading the malware straight to their system.
You can see that these strategies for infecting your systems with ransomware start with little oversights: weak passwords, stolen information, software weakness, malicious emails. Ransomware doesn’t just happen; it’s a process. That’s why educating yourself and your staff is important. It’s important to guard against these strategies and to recognize where a weakness exists. Next week, we’ll talk about the damage that ransomware can do and then how to protect against it.