3 Most Common Ways a Ransomware Attack Spreads


International. Guardicore shared that cybercriminals, when spreading a ransomware attack, most often use emails, malicious URLs, and the remote desktop protocol.

According to the Guardicore (part of Akamai) study "Ebook for 5-step ransomware defense, how to strengthen your defenses beyond the perimeter", a ransomware attack carries several extremely harmful consequences, such as disruption in productivity, brand damage and loss of customer loyalty, among others.

Such damages were estimated to occur every eleven seconds in 2021 and cost $20,000. Meanwhile, the average cost of a ransomware payment is $84,000, and the average downtime this type of incident causes a company is 16.2 days.

Considering the rapid growth of ransomware-type cyberattacks in recent years, Oswaldo Palacios, Senior Account Executive for Guardicore, said that one of the weaknesses in organizations' cybersecurity strategies that attackers exploit most is the lack of east-west visibility in data centers.


He added that lateral movements are rarely detected in a timely manner, something ransomware developers are well aware of; they take advantage of security weaknesses and gain access to critical assets because of that lack of visibility and segmentation.

The Guardicore expert was emphatic that email is still the most used way to spread ransomware in a company: the protocol has weaknesses, and it is relatively simple to confuse users by telling them they have a package pending delivery or a rejected purchase, or by using eye-catching names.


3 Most Common Ways to Introduce and Spread Ransomware
In the words of Oswaldo Palacios, the common techniques to generate and spread a cyberattack using malware are:

1. Emails: These emails can be general or involve spear phishing tactics that tailor content to a specific organization or person, hoping it will provoke an interaction, such as opening an attachment or clicking on a link, and giving bad actors a vehicle to deliver malware.

2. Malicious URLs: Malicious URLs commonly appear in phishing campaigns, but they can also be embedded in a website or anywhere a user can click. In the case of ransomware, after the target interacts with the URL, the malware will often attempt to self-install on the victim's machine, where it can begin to spread to multiple assets.

3. Remote Desktop Protocol: The use of virtual desktop infrastructure (VDI) has become a fast-growing attack surface. A significant VDI risk includes the fact that all infrastructure and applications are often located on the same server. If an attacker can successfully introduce malicious software, it can be difficult to detect it until it is too late.


Palacios also stated that Active Directory and critical applications are among the most attacked points, since that is where user information such as permissions, access and privileges within the company resides. That is why, once an attacker has taken control of Active Directory, users' access to business applications will be compromised, causing a total or partial impact on operations.

Defense against ransomware
In that sense, the expert commented that one of the best defenses against ransomware is to prevent lateral movement within the perimeter, which can be difficult to do for east-west traffic with traditional firewalls.

He also stressed that while some segmentation is achieved using VLANs, it is often broad and not exactly the most agile approach when you need to isolate assets on the fly, as in the case of a successful breach.

Oswaldo Palacios - Guardicore

"You can't protect what you can't see; therefore, companies need a tool that gives them complete visibility into all data center communications, not only incoming or outgoing from the perimeter, but those that exist within networks and that by not being visible by firewalls can result in threats moving laterally."

Finally, the executive stated that there are cybersecurity tools such as microsegmentation that give visibility at the process level within servers, allowing segments small enough to allow or deny communication between the processes of an asset.
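To make the idea of process-level segmentation and east-west visibility concrete, the following is an added example, not code from Guardicore or from this article. It applies a default-deny, process-to-process allow list to internal flows and flags sources that fan out to many internal peers; the address range, process names, rules and flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: internal address space and process-level allow rules.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# (source process, destination process, destination port) explicitly allowed
ALLOW = {
    ("nginx", "app-server", 8080),
    ("app-server", "postgres", 5432),
}
# Constructed flow records: (src_ip, src_process, dst_ip, dst_process, dst_port)
FLOWS = [
    ("10.0.1.10", "nginx", "10.0.2.20", "app-server", 8080),
    ("10.0.2.20", "app-server", "10.0.3.30", "postgres", 5432),
    ("10.0.1.10", "nginx", "198.51.100.7", "unknown", 443),  # north-south
    ("10.0.4.40", "powershell", "10.0.2.20", "svchost", 3389),
    ("10.0.4.40", "powershell", "10.0.3.30", "svchost", 3389),
    ("10.0.4.40", "powershell", "10.0.5.50", "system", 445),
]

def is_east_west(src_ip, dst_ip):
    """True when both endpoints sit inside the data center address space."""
    return (ipaddress.ip_address(src_ip) in INTERNAL
            and ipaddress.ip_address(dst_ip) in INTERNAL)

def evaluate(flows, allow, fanout_threshold=3):
    """Default-deny check of east-west flows.

    Returns (denied_flows, suspects), where suspects are source IPs whose
    denied flows reach at least fanout_threshold distinct internal peers,
    a simple indicator of possible lateral movement.
    """
    denied = []
    peers = defaultdict(set)
    for flow in flows:
        src_ip, src_proc, dst_ip, dst_proc, port = flow
        if not is_east_west(src_ip, dst_ip):
            continue  # perimeter traffic is left to the perimeter firewall
        if (src_proc, dst_proc, port) not in allow:
            denied.append(flow)
            peers[src_ip].add(dst_ip)
    suspects = sorted(ip for ip, dsts in peers.items()
                      if len(dsts) >= fanout_threshold)
    return denied, suspects

if __name__ == "__main__":
    denied, suspects = evaluate(FLOWS, ALLOW)
    for flow in denied:
        print("DENY", flow)
    print("possible lateral movement from:", suspects)
```
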

Author: Iris Montoya Ricaurte
Journalist with extensive experience in copy editing and generating valuable content for the specialized sector.
