How is ransomware spread to company networks?

If you’re looking to defend against ransomware attacks, the most important question to answer is “How is ransomware spread?” Ransomware is a highly pernicious form of malware that encrypts files and data, preventing users from accessing them until a ransom is paid (and sometimes not even after paying the ransom).

To know where the vulnerabilities may exist within your IT environment, understanding the different vectors for ransomware transmission is essential. Below, we’ll discuss the various answers to the question “How does ransomware spread to company networks?”

How is current ransomware spread?

Not all ransomware is created equal: certain ransomware strains are more prevalent or more damaging than others. Below are the infection methods of some of the most well-known variants of ransomware:

  • How is Petya ransomware spread? The Petya ransomware variant first emerged internationally in June 2017. The malicious software spread itself by infecting the update infrastructure of MeDoc, a Ukrainian company that makes financial accounting software. A new update was pushed out to MeDoc customers containing this malicious code, spreading Petya to many systems. The ransomware then exploited the MS17-010 vulnerability in the Windows operating system to further propagate itself.
  • How is REvil ransomware spread? REvil is a “ransomware as a service” (RaaS) operation in which attackers pay to use tools developed for launching ransomware infections. Since many different attackers have access to the REvil infrastructure, the vectors of infection may vary depending on the attacker’s preferred method. According to a 2021 study, 65% of REvil infections were due to compromised Remote Desktop Protocol (RDP) sessions, while 16% were due to phishing and 8% were due to software vulnerabilities.

Related Content: Can EDR stop ransomware?

How does ransomware commonly spread to company networks?

There are many potential techniques that ransomware attackers can use to gain access to a company network, underscoring the need for a robust ransomware defense. The most common ways for ransomware to spread include:

  • Remote Desktop Protocol (RDP): Microsoft’s Remote Desktop Protocol (RDP) is a software application that allows users to remotely connect to and control another computer. RDP has many benign uses: for example, network administrators can use it to provide technical support, while users can log into their work computers while away from the office. However, if your RDP connection has vulnerabilities or exposed ports, attackers can exploit these flaws to infiltrate your device and install ransomware.
  • Phishing emails: Phishing attacks are another highly common source of ransomware infection. This technique uses social engineering to assume the identity of a trusted third party, such as a company or business contact. Then, the attacker convinces the victim to visit malicious links or download malicious email attachments, leading to a ransomware infection. “Spear phishing” is a particularly sophisticated phishing technique that targets a specific individual, using external knowledge to make the attack more convincing.
    Exploit kits: An exploit kit is a malicious software program that scans your machine for vulnerabilities. Users typically fall victim to an exploit kit by visiting a compromised website. Even online advertisements can have an exploit kit hidden inside them, a phenomenon known as “malvertising.” The exploit kit detects your system’s browser, operating system, and other details and then uses this information to exploit any vulnerabilities by installing ransomware. Because this attack can occur without any action on the user’s part, it is also known as “drive-by downloading.”
  • Pirated software: If financial and legal consequences weren’t enough, there’s another reason for businesses to avoid using pirated software: ransomware infection. As an unauthorized and illegal software distribution method, pirated applications are an easy vector for ransomware transmission. Attackers can bundle ransomware together with the actual application and then distribute it via torrent websites or other peer-to-peer sharing methods. What’s more, using pirated software may indirectly contribute to the spread of ransomware since vulnerabilities in the pirated application may go unpatched.
  • Storage devices: Ransomware can lie in wait on storage devices such as hard drives, portable computers, USB drives, and other removable media. Once these devices are connected to your system, malware can encrypt your files and then spread to other computers on the network. For many users, simple curiosity about a drive’s contents can have a disastrous effect: according to one study, 48% of people who found a USB drive in a parking lot later plugged it into their computer.

Keep Reading: Do I need legal counsel during a ransomware attack?

How to get started with ransomware defense

As discussed above, there are a wide variety of answers to the question “How is ransomware spread?”. This means that businesses need a robust and multifaceted approach when protecting against ransomware.

That’s precisely why UncommonX has created the BOSS XDR (extended detection and response) platform. The BOSS XDR platform helps our clients with everything from protecting against cyber threats—including ransomware—to reacting and recovering after an IT security incident.

Want to see how BOSS XDR can help defend against ransomware and other cyber attacks? Get in touch with our team of IT security experts today to discuss your business goals and requirements and see a demo of the BOSS XDR solution.

About the Author

At the center of our U.S.-based Security Operations Center (SOC) is a distinctly skilled team of security architects, engineers, analysts, and data scientists. Each is an expert in their respective field and dedicated to protecting our customers 24/7.