Top 3 Attack Vectors Ransomware Loves to Exploit

By Fortra's Digital Defense

At the ripe old age of 30, ransomware could be considered antique in the malware world. This particular type of malicious software has been around since 1989, when the first version was created by the “Father of Ransomware”, Joseph L. Popp. Disseminated via mailed floppy disks, the program demanded a hefty ransom of $189 to free victims’ data.

A lot has changed since then and ransomware has matured in both sophistication and reach. Its popularity continues to skyrocket, with ransomware attacks up 485% in 2020 according to Bitdefender. Ransom payments have also grown with the times, averaging more than $220,000 in Q1 2021.  With so much earning potential, it’s no wonder ransomware is often the malware of choice for malicious actors targeting organizations.

The Ransomware Appeal

Cyber attackers choose to use ransomware for a number of reasons. As previously mentioned, it can be very lucrative. Organizations are generally inclined to pay a ransom rather than risk interrupting the flow of business and losing consumer trust.  Additionally, the margins are good. There are several cheap and easy attack vectors that can be used to launch a ransomware attack. Cyber attackers can put in minimal effort and get maximum payout. Three of the most common ransomware attack vectors are:
  • Remote desktop protocol (RDP)
  • Email phishing
  • Software vulnerabilities

Phishing for Credentials

Phishing rose to #1 in Q4 of 2020 as the most used ransomware attack vector. Using links, attachments, or both, an email phishing attack seeks to trick users into taking some sort of action. Phishing emails containing links may appear to come from a known contact asking a user to enter credentials for a bogus purpose. Those credentials are then stolen and used to access key systems on which ransomware can be installed. Other tactics include asking the user to click on a fake attachment, after which ransomware begins automatically downloading.

When it comes to mitigating the risk of compromise via phishing, knowledge truly is power. It is crucial to educate employees about the dangers of phishing emails so they can be your organization’s first line of defense. This is best done through a professional employee security awareness program, which includes multiple steps and quizzes to determine comprehension. These programs improve employee awareness about many potential security pitfalls, such as email phishing, and best practices like proper password protocol and overall good cyber hygiene.

Try the Frontline Social Test™ assessment and see if your team is susceptible to social cyber attacks.

Remote Desktop Protocol (RDP)  

Cheap, easy, and highly available, RDP is the second most popular attack vector by a small margin. RDP ports are often poorly secured and easily compromised. Additionally, RDP security relies heavily on proper password protocol, which can be ignored by users. Less-skilled cyber attackers can easily infiltrate weakly protected RDP services to harvest credentials. Or, if that’s too much work, they can just buy RDP credentials on the dark web, with some selling as cheaply as $20 each.

Once malicious actors attain credentials, they can bypass endpoint protection and begin wreaking havoc on enterprise systems, including wiping or encrypting data backups. For organizations to regain access to their own data or retrieve it, they must transfer ransom money to a bitcoin account or some other cryptocurrency repository.

Strengthening your RDP security really comes down to observing some basic cyber hygiene best practices, including:
  • Putting RDP behind a firewall
  • Requiring strong passwords
  • Employing two-factor authentication
  • Limiting IP Access
  • Maintaining logs and monitoring RDP
  • Consistently backing up data
  • Running regular vulnerability and threat scans
  • Making vulnerability remediation a priority
  • Enforcing best practices among your users

Speaking of users, it is important to ensure your end users are sufficiently educated about security best practices, such as practicing proper password protocol. Their overall security awareness will not only improve RDP security, but can help shut down other ransomware attack vectors, such as email phishing.
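As an added illustration of the "limiting IP access" and "maintaining logs and monitoring RDP" items above (example code, not from the article or any Fortra product), the sketch below reviews RDP logon events for password guessing and for successful logons from outside an approved range. The log format, the allowlist range, the threshold, and all sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for this example (not from the article).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # hypothetical VPN/admin range
FAIL_THRESHOLD = 5                  # failed logons from one source IP ...
WINDOW = timedelta(minutes=10)      # ... within this window

# Constructed sample: time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon, type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2021-05-03T02:10:01,4625,10,administrator,203.0.113.45
2021-05-03T02:10:09,4625,10,administrator,203.0.113.45
2021-05-03T02:10:17,4625,10,administrator,203.0.113.45
2021-05-03T02:10:25,4625,10,administrator,203.0.113.45
2021-05-03T02:10:33,4625,10,administrator,203.0.113.45
2021-05-03T02:10:41,4624,10,administrator,203.0.113.45
2021-05-03T08:55:12,4625,10,jsmith,10.20.4.7
2021-05-03T08:55:30,4624,10,jsmith,10.20.4.7
2021-05-03T23:40:02,4624,10,svc_backup,198.51.100.23
2021-05-03T23:41:00,4624,3,svc_backup,10.20.1.5
"""

def parse(text):
    """Yield (time, event_id, logon_type, user, source_ip) per log line."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        yield (datetime.fromisoformat(ts), int(event_id), int(logon_type),
               user, ipaddress.ip_address(ip))

def review_rdp_logons(text):
    """Return alerts as (rule, source_ip, account) tuples, in log order."""
    alerts, failures = [], defaultdict(list)   # failures: source IP -> timestamps
    for ts, event_id, logon_type, user, ip in parse(text):
        if logon_type != 10:
            continue                           # not an RDP session logon
        recent = [t for t in failures[ip] if ts - t <= WINDOW]
        if event_id == 4625:
            failures[ip] = recent + [ts]
            if len(failures[ip]) == FAIL_THRESHOLD:
                alerts.append(("password-guessing", str(ip), user))
        elif event_id == 4624:
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("success-after-guessing", str(ip), user))
            if not any(ip in net for net in ALLOWED_NETS):
                alerts.append(("logon-outside-allowlist", str(ip), user))
    return alerts
```

The last alert in the sample, a clean logon from an unapproved address with no preceding failures, is the pattern that purchased credentials would produce. With Network Level Authentication enabled, failed RDP attempts are often recorded as logon type 3 rather than 10, so a production rule would need to account for both.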

Patchy Protection

Software vulnerabilities come in third among common ransomware delivery methods. Unpatched software not only opens the door to malware intrusions, but lays out a welcome mat as well.  In some cases, when software is not properly updated or patched, attackers can access networks without having to harvest credentials. Once in the system, they begin attacking key programs and viewing or exfiltrating sensitive data. Additionally, many types of ransomware have evolved to forms that are difficult to detect, therefore extending their dwell time for maximum destruction.

Do you have malware hiding out in your networks?

Frontline ATS™ will sniff out active threats so you can eradicate them.

How to Prevent a Ransomware Attack

These may seem like simple methods, but sometimes the easiest solution is the correct one, especially when it comes to ensuring your organization's cybersecurity. Here are some tips to help prevent ransomware attacks:
  • Never click on unknown or unsafe links. Spam and malicious software can download automatically and compromise your system.
  • Do not disclose personal info. Unsolicited calls, texts, or emails asking for your information can be a setup for a larger phishing attempt. Never give your information out.
  • Never open unknown email attachments. Pay close attention to the sender, the email address, and the details of the email. Any attachment that is unknown can contain malicious programs to infect your computer.
  • Do not plug in found/unknown USB sticks. These are most likely infected and left in a public place by cybercriminals. Once plugged in, they can deploy harmful programs.
  • Keep computer programs up-to-date. Put simply, update your software to close vulnerabilities and stay on the latest secure version.
  • Download only from known sources. A recurring message in these tips: never trust software from an unknown source. Only download from trustworthy sites to make sure that it's authentic and not corrupted.
  • Use VPN security on public Wi-Fi. Using public Wi-Fi opens you up to attacks, so it's best to use a VPN service to protect yourself when on a public connection.

To ensure vulnerabilities are not exploited, you need to identify and eliminate them. Effective vulnerability management (VM) is the only way to keep current tabs on all of your vital systems and their security. Vulnerability scans can identify system weaknesses and, when paired with the right management capabilities, can help you develop an effective plan to remediate them. It’s essential to choose the right VM tools that provide the accuracy, efficiency, and guidance your team needs to tackle the most important vulnerabilities first.
Once you have a scalable, sustainable VM program in place, you’ll be able to fend off many future ransomware and other malware attacks effectively.  

Let us help your team identify and eliminate system weaknesses.

Contact us to learn more about our Vulnerability and Threat Management Solutions today.
