Ransomware attacks are now commonplace. Most of the time the attackers target companies, because that is where the big money is. But that does not mean private users are safe: cyber criminals also rely on volume, a steady income from many smaller payments, and attacks against consumers are increasing. Potential victims should therefore know the most important attack vectors.
Bitdefender lists below five ways in which attackers get their data-encrypting malware onto victims' devices.
Warez sites, torrents, cracked software
Warez sites and torrents are among the most common places to pick up ransomware. Users go there to download pirated content or unofficial software bundles that no official source has verified. Such channels, questionable to begin with, are the perfect cover for ransomware: a popular game or video serves as a trusted front for an infected package that installs the ransomware itself.
Remedy: hands off. Pirated software is problematic in itself and carries an incalculable ransomware risk; the only sound advice is to stay away from it.
Phishing
Phishing, arguably the most popular vector for all kinds of cyberattacks, is a common way to place ransomware on computers. The attacks are becoming more professional and harder for many users to recognize. Attackers build deceptively real copies of legitimate websites, or send spam messages that trick unsuspecting victims into clicking a link to claim a supposed prize, or into downloading and opening an attachment.
Remedy: scrutinize every offer. Attackers often give themselves away through small details in branding or correspondence; a sender address or link that does not match the company's real domain is an important clue. It also helps to contact the company through a channel you already know to rule out fraud. The more attractive the offer, the more careful users should be.
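As an added example (not part of the original article), the address check from the remedy above carried out in code: the domain of a sender address or link is compared against a short allow-list of domains the user actually does business with, and look-alikes are flagged. The allow-list, the homoglyph table and the sample addresses are constructed for illustration.

```python
"""Flag sender addresses and links whose domain merely resembles a trusted one.
Added example with constructed data; the allow-list is an assumption."""
import re
import unicodedata

# Constructed allow-list: domains of companies the user really deals with.
LEGIT_DOMAINS = {"paypal.com", "amazon.de", "bitdefender.com"}

# Characters attackers swap in for look-alikes: digits that resemble letters
# and a few Cyrillic letters that render identically to Latin ones.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "9": "g",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0445": "x",
})


def extract_domain(address: str) -> str:
    """Return the lower-cased host of an e-mail address or URL.
    Punycode labels (xn--...) are decoded so Unicode look-alikes can be normalised."""
    addr = address.strip()
    if "@" in addr:
        host = addr.rsplit("@", 1)[1]
    else:
        host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", addr, flags=re.I).split("/", 1)[0]
    host = host.split(":", 1)[0].rstrip(".").lower()
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII, or not valid punycode: keep as-is
    return host


def skeleton(domain: str) -> str:
    """Reduce a domain to a comparison skeleton: strip accents, map homoglyphs,
    drop dots and hyphens. 'paypa1.com' and 'paypal.com' skeletonise identically."""
    decomposed = unicodedata.normalize("NFKD", domain)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(HOMOGLYPHS).replace(".", "").replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address: str, legit=frozenset(LEGIT_DOMAINS)) -> str:
    """'legitimate' if the registrable domain is on the allow-list, 'lookalike' if it
    imitates one (homoglyphs, a one-character typo, or a trusted name used as a
    subdomain of something else), otherwise 'unknown'."""
    host = extract_domain(address)
    # Registrable domain approximated as the last two labels (fine for .com/.de,
    # not for two-level public suffixes such as .co.uk).
    registrable = ".".join(host.split(".")[-2:])
    if registrable in legit:
        return "legitimate"
    host_skel = skeleton(host)
    reg_skel = skeleton(registrable)
    for trusted in legit:
        trusted_skel = skeleton(trusted)
        brand = trusted.split(".")[0]
        if (reg_skel == trusted_skel
                or levenshtein(reg_skel, trusted_skel) <= 1
                or brand in host_skel):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample addresses and links.
    for sample in ["service@paypal.com", "service@paypa1.com",
                   "security@paypal.com.account-verify.net",
                   "noreply@amaz0n-prime.de", "https://p\u0430ypal.com/login",
                   "info@example.org"]:
        print(f"{sample:45} -> {classify(sample)}")
```

The allow-list has to contain every legitimate domain a brand uses (bitdefender.de beside bitdefender.com, say), or genuine mail is flagged as a look-alike; and an "unknown" result is not a clean bill of health, only the absence of an obvious imitation.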
Infected official software
Even downloading official software can bring a nasty malware surprise. Some attackers manage to compromise the supply chain, and with it official software releases, through a weakness at the software provider. A popular free video player such as VLC would be a conceivable target for this.
That sounds unlikely, but it does happen. The best-known case is the KeRanger ransomware, which targeted Macs via a popular BitTorrent client: in 2016, attackers compromised The Transmission Project and replaced the official Transmission 2.90 build for OS X with one carrying KeRanger. The trojanized build was signed with a valid Apple developer certificate, so Gatekeeper let it run, and XProtect, Apple's built-in signature-based malware blocker, had no signature for the new strain and raised no alarm either. Users installed the infected Transmission app themselves, from the official download site.
Remedy: security software. Rarely, users pick up ransomware even when they take every precaution. For these rare but expensive cases, a modern security solution on the computer offers the necessary protection, regardless of the operating system.
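A check that complicates the Transmission scenario, as an added example that is not from the article or from the Transmission project: verifying a downloaded installer against a published list of SHA-256 digests (the standard `sha256sum` / SHA256SUMS format) before opening it. The file contents, file names and digest list below are constructed. The caveat matters more than the code: a digest list hosted on the same server as the download gets swapped along with the binary, so the expected values must come from a channel the attacker does not control, such as a signed release announcement, a second mirror, or a copy saved earlier; a detached signature checked against a key obtained out of band is stronger still.

```python
"""Verify a downloaded file against a sha256sum-style digest list.
Added example with constructed data; not from the original article."""
import hashlib
import hmac


def parse_sha256sums(text: str) -> dict:
    """Parse the 'sha256sum' output format, one '<64 hex chars>  <filename>' per line
    (a leading '*' on the filename marks binary mode and is dropped).
    Blank lines and '#' comments are skipped; anything else is rejected outright."""
    digests = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed digest line {lineno}: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        int(digest, 16)  # raises ValueError if not hexadecimal
        digests[name] = digest
    return digests


def verify_download(data: bytes, filename: str, sums_text: str) -> bool:
    """True only if filename is listed and its SHA-256 matches. A missing entry is
    a failure, not a pass. compare_digest is constant-time; it matters little for
    a public digest but costs nothing."""
    expected = parse_sha256sums(sums_text).get(filename)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def publish_sums(files: dict) -> str:
    """Publisher side: produce the digest list for a release (mapping name -> bytes).
    In practice this list must be published through a channel separate from the
    download server, or the attacker simply regenerates it for the trojanized build."""
    return "\n".join(f"{hashlib.sha256(data).hexdigest()}  {name}"
                     for name, data in sorted(files.items())) + "\n"


# --- constructed demonstration data (stand-ins for a real installer) ---------
GOOD_BUILD = b"\xcf\xfa\xed\xfe" + b"legitimate release 3.0\n" * 8
TAMPERED_BUILD = GOOD_BUILD.replace(b"legitimate", b"trojanised", 1)
RELEASE_SUMS = publish_sums({"mediaplayer-3.0.dmg": GOOD_BUILD})

if __name__ == "__main__":
    print(RELEASE_SUMS)
    print("genuine  :", verify_download(GOOD_BUILD, "mediaplayer-3.0.dmg", RELEASE_SUMS))
    print("tampered :", verify_download(TAMPERED_BUILD, "mediaplayer-3.0.dmg", RELEASE_SUMS))
    print("unlisted :", verify_download(GOOD_BUILD, "mediaplayer-2.9.dmg", RELEASE_SUMS))
```

`publish_sums` stands in for the vendor's release process so the example runs offline; the verifier side is the part a downloader actually needs.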
Unprotected IoT devices
The Internet of Things, increasingly used in private households, is another risk. An unpatched or misconfigured router opens the door to attackers. They scan the internet automatically for vulnerable routers and the systems behind them; with the right tools there is little manual work involved, and a large number of systems can be attacked automatically and profitably.
Even more common, however, are insufficiently protected or misconfigured network storage devices (Network Attached Storage, NAS). Recently, for example, users of QNAP NAS devices have increasingly been targeted; the attackers exploit either unprotected shares or vulnerabilities in the product itself.
Remedy: security-conscious purchasing. Anyone who runs such hardware should follow the manufacturer's security recommendations and keep the firmware up to date. If security guidance and firmware updates are not available, or the device carries no security certification, it is better not to buy it. If there is reason to believe a zero-day vulnerability is being exploited, users should put the device behind a firewall and keep it off the internet until the problem is fixed.
Tech Support Scam
Another way of spreading ransomware is the so-called tech support scam. Fraudsters particularly target older people and other vulnerable groups. They convince their victims that they need technical help and must grant remote access to their computer for that purpose.
Classic tech support scammers do not even need real ransomware to lock a victim out. Instead they use Syskey, a now discontinued Windows NT component that encrypts the Security Account Manager (SAM) database with a 128-bit RC4 key and can be set to demand a startup password, one that only the scammer knows. Microsoft removed it only two decades after its introduction, with Windows 10 version 1709 in 2017, because its encryption was no longer considered secure and it was repeatedly misused for exactly this kind of extortion.
But users should not take comfort in that: support scammers also deploy real ransomware, and they do not miss an opportunity to encrypt your data.