Ransomware is here to stay, and everyone involved in IT security expects it to become a bigger problem over time. According to the international study “The State of Ransomware”, more than half of all organizations surveyed experienced a ransomware attack in 2020. Once hit, paying the criminals or rebuilding systems wholesale is an expensive strategy, if it can be called a strategy at all. Real risk mitigation starts by asking which attack vectors this type of malware actually exploits. Closing those is the only approach that does more than fend off the next incident: it lowers the risk permanently.
The three main attack vectors of ransomware
Attack vector number 1 – the technology: As in many other attack scenarios, attackers exploit vulnerabilities and backdoors in the infrastructure to get ransomware onto a system, and infrastructure built on unpatched systems is the easiest target. The well-known WannaCry ransomware of May 2017, which gained notoriety by taking out entire universities and hospitals, is the textbook case. It spread on its own between Windows machines by exploiting a known flaw in Microsoft's SMBv1 implementation (MS17-010, CVE-2017-0144) with the EternalBlue exploit, which had been developed by the NSA and leaked by the Shadow Brokers a month earlier; once on a machine it encrypted the user's files and demanded a ransom. EternalBlue is the exploit's codename, not a reference to bluescreens. Microsoft had shipped the fix in March 2017, two months before the outbreak, so every infected host was one on which that patch had not been installed and SMBv1 was still reachable. The attack spread to more than 150 countries and infected more than 230,000 computers, which shows just how virulent the problem of unpatched computers is.
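The practical check that follows from the WannaCry case is whether a Windows host still speaks SMBv1 and listens on the SMB port, since EternalBlue needs both. The script below is an added example written for this article, not code from the original page or from any vendor; it reads the host's SMB configuration with the standard `Get-SmbServerConfiguration`, `Get-WindowsOptionalFeature` and `Get-NetTCPConnection` cmdlets (Windows 8 / Server 2012 and later), reports the exposure, and offers a remediation function that turns SMBv1 off. The `Test-HotFixInstalled` helper is parameterized because the KB number for MS17-010 differs per Windows build; look it up in Microsoft's bulletin for your version. Run it in an elevated session.

```powershell
# Added example: audit (and optionally disable) SMBv1 on a Windows host.
# WannaCry's EternalBlue exploit needs SMBv1 reachable on TCP 445, so a host
# with SMBv1 off is not exploitable that way even if the MS17-010 fix is missing.

function Test-Smb1Exposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        Smb1ServerEnabled = $null   # does the SMB server still accept SMBv1?
        Smb1FeatureState  = $null   # is the SMB1 component installed at all?
        Port445Listening  = $false  # is the SMB port open on this host?
    }

    # Server-side SMBv1 switch (Windows 8 / Server 2012 and later).
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { $result.Smb1ServerEnabled = $cfg.EnableSMB1Protocol }

    # Optional-feature state of the SMB1 component (client SKUs).
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat) { $result.Smb1FeatureState = [string]$feat.State }

    # A local listener on 445 means SMB-based worms can reach this host.
    $result.Port445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

function Test-HotFixInstalled {
    # Returns $true if the given KB (e.g. the MS17-010 KB for this OS build) is installed.
    param([Parameter(Mandatory)][string]$KbId)
    [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Disable-Smb1 {
    # Turn SMBv1 off on the server side and remove the component; a reboot completes removal.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

$exposure = Test-Smb1Exposure
$exposure | Format-List

if ($exposure.Smb1ServerEnabled -eq $true -or $exposure.Smb1FeatureState -eq 'Enabled') {
    Write-Warning 'SMBv1 is still enabled: this host is exposed to EternalBlue-style worms if MS17-010 is missing.'
    # Uncomment to remediate on this host:
    # Disable-Smb1
}
```

Disabling SMBv1 is the durable fix even on patched hosts: the protocol has no further use on modern networks, and removing it closes the door to the whole class of SMBv1 exploits rather than one CVE. Check for legacy devices (old printers, NAS boxes) that still depend on it before rolling the change out fleet-wide.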
Attack vector number 2 – the process: Even if Chief Information Security Officers (CISOs) do their job in an exemplary manner and keep their systems up to date, patch management itself carries risk. Installing updates without checking that they come from a verified source and have not been altered, or simply allowing system changes to happen without review, can open the floodgates for malware and ransomware. The case of SolarWinds, a vendor of IT and network management software, showed in 2020 that even a single update can be compromised: attackers infiltrated the SolarWinds build and release pipeline and inserted a backdoor into updates of its Orion platform, which were then signed with the company's own certificate and delivered to customers through the regular update channel. This allowed them to…
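What "checking that a patch comes from a verified source" looks like in practice is a gate in front of the installer. The script below is an added example written for this article, not SolarWinds' or any vendor's code; it refuses to install a package unless its Authenticode signature is valid, the signing certificate matches a thumbprint pinned for that vendor, and its SHA-256 matches a hash obtained out of band (from the vendor's advisory, not from the same download location as the package). The path, thumbprint and hash in the usage section are placeholders that the reader substitutes.

```powershell
# Added example: an update-installation gate with three independent checks.
# 1. Authenticode signature valid (chains to a trusted root, file unmodified since signing).
# 2. Signer is the pinned vendor certificate, not just any code-signing certificate.
# 3. SHA-256 matches the value the vendor published through a separate channel.

function Test-UpdatePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $PinnedSignerThumbprint
    )

    $problems = @()

    # 1. Signature status: 'Valid' only if the chain is trusted and the file
    #    still matches the signed hash (tampering after signing -> 'HashMismatch').
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is '$($sig.Status)', expected 'Valid'"
    }

    # 2. 'Valid' alone is not enough: any trusted code-signing certificate would pass.
    $actualThumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
    if ($actualThumb -ne $PinnedSignerThumbprint) {
        $problems += "signer thumbprint '$actualThumb' does not match pinned '$PinnedSignerThumbprint'"
    }

    # 3. Out-of-band hash. PowerShell string comparison is case-insensitive, so
    #    upper/lower-case hex from different tools compares correctly.
    $actualHash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actualHash -ne $ExpectedSha256) {
        $problems += "SHA-256 '$actualHash' does not match published '$ExpectedSha256'"
    }

    [pscustomobject]@{
        Path     = $Path
        Approved = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage with placeholder values (assumptions for this example; substitute real ones):
$check = Test-UpdatePackage -Path 'C:\Staging\vendor-update.msi' `
    -ExpectedSha256 '<sha256 from the vendor advisory>' `
    -PinnedSignerThumbprint '<thumbprint of the vendor code-signing certificate>'

if ($check.Approved) {
    Start-Process -FilePath msiexec.exe -ArgumentList '/i', $check.Path, '/qn' -Wait
} else {
    Write-Warning ("Refusing to install {0}:`n - {1}" -f $check.Path, ($check.Problems -join "`n - "))
}
```

The caveat a practitioner should keep in mind: this gate catches packages altered in transit or on a mirror, and updates signed by the wrong party. It would not have caught the SolarWinds case, because the backdoored Orion build was produced inside the vendor's pipeline and signed with the vendor's genuine certificate, so all three checks would have passed. Against a compromised build pipeline the controls are different: staged rollouts, least privilege for the updated software, and monitoring its behaviour after installation.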