Regardless of the infection route, almost every type of ransomware follows a series of steps — often repeated steps — to attack users. Most recent ransomware infections of healthcare workstations could be traced to clinical staff web browsing from a workstation that was missing Flash player patches.
Ransomware can infiltrate a computer or device in a number of ways:
• Phishing emails
Legitimate-looking emails with malicious attachments or links to compromised websites are sent to employees. When clicked or opened, ransomware downloads and calls out to its command-and-control server
• Unpatched programs/drive-by downloads
Users with vulnerable programs (an outdated browser, software that’s missing a plug-in, or an unpatched third-party app) visit a compromised website, allowing an exploit kit to download and install.
• Compromised websites
A user visits a legitimate website whose security has been compromised, hiding malicious scripts. Those scripts redirect the user to an exploit kit, which installs on the user’s computer.
Infected banner ads on legitimate sites can initiate an exploit kit that checks for vulnerabilities in the user’s system — without even being clicked — allowing malicious scripts to infect their workstation in seconds.
• Free software downloads
When a user willingly downloads a file, that file bypasses firewalls and email filters, and goes straight to the user’s hard drive.
Free download the checklist of Best Practices to Reduce Ransomware Risks
Healthcare companies should be spending at least 10% of their information technology budgets on security. To prevent your organization’s data from being compromised, get in touch with a cyber security expert at Molaprise.