Journal

Notes on stories, travels, research, courting a partner, etc.

by omdik

Source: blog.emsisoft.com

Author: Sarah

The most common ransomware infection methods

1. Email malware: An oldie but a goodie

This ransomware attack vector can be broken down into two forms:

  • Downloading malicious attachments; and
  • Clicking on malicious links within emails.

Both require action from you and as such are the most preventable methods of infection.

2. Drive-by downloads: infecting your system without your knowledge

Exploit kits are sophisticated pieces of code that exploit vulnerabilities in a system. Most often, they are executed when a victim visits a compromised website, intentionally or not, or is redirected from a hacked legitimate site to a compromised one. Malicious code is hidden in the page’s code, often in an advertisement (a malvertisement), which redirects the visitor to the exploit kit’s landing page without them noticing. This was the case when the New York Times and the BBC were hacked and thousands of readers were redirected to a site that injected malicious code.

3. Barrage attacks against RDP servers infect networks rapidly

Remote Desktop Protocol (RDP) attacks, or ‘really dumb password’ attacks, occur when companies leave RDP ports open to the Internet; knowing this, attackers scan blocks of IP addresses for open RDP ports. Once one is found, the attackers rapidly try every possible combination to work out the remote desktop login password, which is far easier when a server administrator uses credentials such as username: admin, password: admin. Make no mistake, the easiest way to hand access to an attacker is by choosing a weak password. This goes for all users, not only server administrators.

After gaining access to the system, the attackers can execute the file that locates all local and network drives and encrypts them. Once an attacker has access to your network, they can do pretty much anything. Recently, three healthcare organizations’ databases were compromised in this way. A vulnerability in how they implemented their remote desktop protocol (RDP) functionality was exploited, patient files were held for ransom, and a further 655,000 were listed for sale on the dark web.
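The password-guessing barrage described above leaves a very visible trace on the defender's side: a burst of failed RDP logons from one Internet address in the Windows Security log, and, if the guessing worked, a successful logon from the same address shortly after. The following is an added example and not code from the article or from Emsisoft. It takes constructed records shaped like Security event 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, the type RDP sessions produce), flags any source address with five or more failures inside a five-minute sliding window, and notes whether a successful RDP logon from that address followed the burst. The field names, thresholds and sample addresses are assumptions made for the example.

```python
"""Flag RDP password-guessing bursts in Windows Security log records.

Added example, not from the Emsisoft article. Assumptions: records have already
been parsed (from EVTX, JSON, a SIEM export) into dicts with the fields below;
EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENT_FAILED_LOGON = 4625
EVENT_SUCCESS_LOGON = 4624
LOGON_TYPE_RDP = 10  # RemoteInteractive

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    # One Internet address cycling through common account names within seconds.
    {"time": "2023-01-01T10:00:00", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    {"time": "2023-01-01T10:00:01", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "administrator"},
    {"time": "2023-01-01T10:00:02", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    {"time": "2023-01-01T10:00:03", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "user"},
    {"time": "2023-01-01T10:00:04", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    {"time": "2023-01-01T10:00:05", "EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "guest"},
    # ...followed by a successful RDP logon from the same address: the weak password was found.
    {"time": "2023-01-01T10:00:20", "EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    # A staff member mistyping twice, hours apart (must not alert).
    {"time": "2023-01-01T09:00:00", "EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.7", "TargetUserName": "jsmith"},
    {"time": "2023-01-01T13:30:00", "EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.7", "TargetUserName": "jsmith"},
    # A failed console logon (LogonType 2) is not RDP and is ignored.
    {"time": "2023-01-01T10:00:03", "EventID": 4625, "LogonType": 2, "IpAddress": "-", "TargetUserName": "jsmith"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def rdp_events_by_source(events, event_id):
    """Group RDP (LogonType 10) events with the given EventID by source IP, sorted by time."""
    by_ip = defaultdict(list)
    for e in events:
        if e["EventID"] == event_id and e["LogonType"] == LOGON_TYPE_RDP:
            by_ip[e["IpAddress"]].append(e)
    for ip in by_ip:
        by_ip[ip].sort(key=_ts)
    return by_ip


def max_in_window(times, window):
    """Largest number of sorted timestamps that fall inside one sliding window."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_rdp_barrage(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: summary} for every source with >= threshold failed RDP
    logons inside any `window`; the summary records whether a successful RDP
    logon from that source followed, which is the signal that matters most."""
    failures = rdp_events_by_source(events, EVENT_FAILED_LOGON)
    successes = rdp_events_by_source(events, EVENT_SUCCESS_LOGON)
    alerts = {}
    for ip, evs in failures.items():
        times = [_ts(e) for e in evs]
        if max_in_window(times, window) < threshold:
            continue
        first_failure = times[0]
        alerts[ip] = {
            "failures": len(evs),
            "usernames": sorted({e["TargetUserName"] for e in evs}),
            "first": evs[0]["time"],
            "last": evs[-1]["time"],
            "success_after": any(_ts(s) >= first_failure for s in successes.get(ip, [])),
        }
    return alerts


if __name__ == "__main__":
    for ip, a in detect_rdp_barrage(SAMPLE_EVENTS).items():
        verdict = "POSSIBLE COMPROMISE" if a["success_after"] else "password guessing"
        print(f"{ip}: {a['failures']} failed RDP logons between {a['first']} and {a['last']} "
              f"({verdict}); accounts tried: {', '.join(a['usernames'])}")
```

The sliding window rather than a flat daily count is what separates a barrage from a user who mistypes a few times; the `success_after` flag turns a noisy "someone is guessing" alert into an incident, since a successful logon from a guessing source means the encryption stage described in the article can begin. Note that event 4625 only appears on the target host when auditing of logon failures is enabled, so the check is only as good as the audit policy feeding it.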