Some of the most common ways ransomware is delivered are through phishing emails, drive-by downloads, exploit kits and RDP exploits. According to Malwarebytes’ 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year. The report also found that the largest ransom demanded in 2023 was $80 million. Ransomware attacks continue to be a pervasive threat targeting organizations of all sizes – making it crucial to know how to stay protected against them.
Continue reading to learn more about how ransomware is delivered and how organizations can stay protected against ransomware attacks.
What Is Ransomware?
Ransomware is a type of malware that prevents users from accessing the files and data stored on their compromised devices. Some ransomware also locks users out of their devices entirely. When a device becomes infected with ransomware, a pop-up appears on the user’s screen stating that the device has been compromised and that the only way to regain access is to pay a specified ransom.
However, there’s no guarantee that paying the ransom will give users access back to their devices or data. If a ransom is paid, some cybercriminals may strike again since they’ll know the individual or organization is willing to pay them.
6 Common Ways Ransomware Is Delivered
Here are six of the most common ways that ransomware is delivered.
Phishing emails
Phishing emails are a common culprit for ransomware infections. Phishing is a cyber threat that aims to get victims to disclose sensitive information either by convincing victims to hand it over, having them enter the info on a spoofed website or having them click on a malicious link or attachment. Phishing emails commonly include malicious links and attachments containing ransomware. Once the victim clicks on the link or attachment, ransomware immediately begins to infect their device.
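The following added example (not part of the original article) shows how a mail-triage script can flag the two delivery vehicles described above: risky attachments and links whose visible text names a different host than the real target. The sample message, the extension list and the `triage` function are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; all domains are reserved example names.
SAMPLE_EML = """From: "Accounts" <billing@example.net>
To: clerk@example.com
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Pay here: <a href="http://login.example.org/pay">https://portal.example.com/pay</a></p>
<p><a href="https://example.com/help">Help centre</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

# Assumed (illustrative) list of extensions worth blocking or sandboxing.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".docm", ".xlsm", ".hta"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(raw):
    """Return a list of (kind, detail) findings for one raw RFC 5322 message."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            lower = name.lower()
            ext = lower[lower.rfind("."):] if "." in lower else ""
            if ext in RISKY_EXT:
                kind = "double-extension" if lower.count(".") > 1 else "risky-attachment"
                findings.append((kind, name))
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in ANCHOR.findall(html):
                shown = re.search(r"https?://[^\s<]+", text)
                # Flag links whose visible text names a different host than the target.
                if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
                    findings.append(("link-mismatch", href))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```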
Drive-by downloads
Drive-by downloads happen when malicious software is installed on a victim’s device without their knowledge or intent. Drive-by downloads don’t require the victim to click on a malicious link or attachment for their device to become infected with malware. Just visiting a website can cause malicious software to infect someone’s device. Drive-by downloads typically exploit unpatched security vulnerabilities left open by failing to update apps and operating systems (OS).
Exploit kits
Exploit kits are toolkits that cybercriminals use to distribute malware. These kits look for unpatched security vulnerabilities to exploit, making it easier to infect browsers, software and applications with malware like ransomware. For an exploit kit to work, cybercriminals have to get users onto the exploit kit’s landing page, which they typically do by displaying malvertisements or having users click on a link that leads them to a spoofed website. Once the user has reached the landing page, the exploit kit scans the user’s machine for vulnerabilities. If and when it finds one, it sends a payload to infect the user’s device.
Remote Desktop Protocol (RDP) exploits
Remote Desktop Protocol is a network communication protocol that enables users to remotely connect to computers. RDP comes included with most Windows operating systems and Macs. While RDP is convenient, especially for remote workers, it’s also vulnerable to being exploited by cybercriminals if weak credentials are being used. If a cybercriminal is able to hack an RDP connection, they can delete data, encrypt files, lock users out, change system configurations and force organizations to pay a ransom to regain access to their systems and data.
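Because weak RDP credentials are usually found by repeated guessing, failed-logon bursts are a useful detection signal. The added example below (not from the original article) scans Windows Security log rows for many failed logons (Event ID 4625) from one source followed by a success (Event ID 4624). The CSV column layout, the sample rows and the threshold of five failures in five minutes are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Security log rows exported to CSV (assumed column layout).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive (RDP);
# LogonType 3 = Network, which RDP with NLA records for failures. Type 3 also covers
# other network logons, so scope collection to hosts that expose RDP.
SAMPLE_LOG = """time,event_id,logon_type,account,source_ip
2024-03-01T02:10:01,4625,3,administrator,203.0.113.7
2024-03-01T02:10:04,4625,3,admin,203.0.113.7
2024-03-01T02:10:09,4625,3,backup,203.0.113.7
2024-03-01T02:10:15,4625,3,svc_pos,203.0.113.7
2024-03-01T02:10:22,4625,3,administrator,203.0.113.7
2024-03-01T02:10:40,4624,10,administrator,203.0.113.7
2024-03-01T08:59:30,4625,10,jsmith,198.51.100.20
2024-03-01T09:00:02,4624,10,jsmith,198.51.100.20
"""

RDP_LOGON_TYPES = {"3", "10"}

def find_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "success_after": bool}} for noisy sources."""
    failures = defaultdict(list)   # source_ip -> timestamps of recent failed logons
    findings = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(row["time"])
        ip = row["source_ip"]
        # Keep only failures inside the sliding window ending at this event.
        recent = [t for t in failures[ip] if ts - t <= window]
        if row["event_id"] == "4625":
            recent.append(ts)
            if len(recent) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(recent))
        elif row["event_id"] == "4624" and ip in findings and recent:
            # A logon that follows a burst of failures suggests a guessed password.
            findings[ip]["success_after"] = True
        failures[ip] = recent
    return findings

if __name__ == "__main__":
    for ip, info in find_rdp_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged with `success_after` set deserves immediate review of the account it logged in with; a single mistyped password followed by a success, like the second source in the sample, is not flagged.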
Malicious software, apps and movie downloads
Many cybercriminals create websites where software, apps and movies can be downloaded for free. While it can be tempting to download from these websites, you risk having your device become infected with malware, including ransomware. It’s never safe to download things from suspicious sites, so you should stick to downloading from trusted sources such as Google Play and the App Store. While Google and Apple consistently vet the applications in their stores, make sure to read reviews because it isn’t uncommon for malicious apps to appear at times.
USBs and other removable media
Another way that ransomware can be delivered is through removable media such as USBs and external hard drives. It’s crucial that you always keep your removable media in a safe place to prevent anyone from infecting it with malware. It’s also important to never plug removable media that could potentially be compromised into your devices.
How To Protect Your Organization Against Ransomware Deliveries
Here are a few ways you can protect your organization from ransomware deliveries.
Invest in a PAM solution
Privileged Access Management (PAM) solutions aid organizations in managing and securing access to their most highly sensitive data while reducing an organization’s attack surface. With a PAM solution like KeeperPAM™, organizations can secure employee credentials, secrets and remote connections. KeeperPAM provides IT administrators full visibility and control over every aspect of your organization’s network to mitigate the risk of a successful cyber attack, including ransomware attacks.
Train employees on cybersecurity
Your employees can be your weakest link. If your employees aren’t trained on cybersecurity best practices, the chances of them having ransomware installed on their devices are a lot higher. Your organization should have monthly training sessions in place to teach employees what they should and shouldn’t be doing on company-owned devices. Some of the things your employees should be trained on include the following.
- Keeping software and devices up to date
- Being cautious of social engineering attempts
- Not clicking unsolicited links and attachments
- Avoiding going on illegitimate websites
- Not downloading unapproved software
Avoid Falling Victim to Ransomware Deliveries
Ransomware deliveries can be extremely damaging to organizations financially and reputationally, which is why it’s crucial that organizations invest in proper solutions that can help keep their data safe. KeeperPAM combines Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM) into one unified platform to keep your organization protected from common cyber threats like ransomware.
Interested in reducing your organization’s attack surface with KeeperPAM? Request a demo today.