We’ve had a few questions here at CryptoDrop about how we protect your files once ransomware is on your system. The previous blog entry points to an article that we wrote that talks about this in some detail. But a more important question you might have is, how can ransomware infect my computer in the first place?
We’re going to talk about some of the ways this can happen in this article. Ransomware writers are very crafty and use all sorts of techniques to find their way onto your computer. We’ll consider a few approaches, or “attack vectors” as we call them, now.
Infecting You From A Remote Connection
Some ransomware that we have analyzed tries to make connections with services running on your computer. You typically use your computer to connect to others in order to get information, for example through the Web or email. In some other cases though, you might have software running on your computer that allows others to connect to you. For example, you might have a program running that lets you access your computer’s desktop from your work computer, or you might be running a program such as BitTorrent. You may not even know such programs are running.
Some ransomware finds systems that are advertising these remote services and looks for vulnerabilities in them, so that it can connect to your computer and exploit those vulnerabilities to infect your system. In short, ransomware can get on your system without you doing anything but turning on your machine.
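To see which programs on a Windows machine are accepting connections from other computers, you can review the output of `netstat -ano`. The following is an added example, not CryptoDrop code: it lists TCP listeners that are reachable from beyond the local machine, and both the sample output and the port labels are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1184
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3100
  TCP    192.168.1.20:6881      0.0.0.0:0              LISTENING       4412
  TCP    192.168.1.20:52011     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       2200
"""

# Labels chosen for this example; extend the table for your own environment.
KNOWN_PORTS = {
    135: "Windows RPC endpoint mapper",
    445: "Windows file sharing (SMB)",
    3389: "Remote Desktop",
    6881: "BitTorrent client",
}

def split_endpoint(endpoint):
    """Split '0.0.0.0:3389' or '[::]:445' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def exposed_listeners(netstat_text):
    """Return TCP listeners bound to a non-loopback address, sorted by port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or an established connection
        host, port = split_endpoint(fields[1])
        if ipaddress.ip_address(host).is_loopback:
            continue  # only reachable from this machine itself
        findings.append({"address": host, "port": port, "pid": int(fields[4]),
                         "service": KNOWN_PORTS.get(port, "unknown")})
    return sorted(findings, key=lambda f: f["port"])

def read_live_netstat():
    """Run netstat on the local machine instead of using the sample."""
    return subprocess.run(["netstat", "-ano"], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{f['address']}:{f['port']}  PID {f['pid']}  {f['service']}")
```

Any listener you do not recognize can be matched to its program by looking up the PID in Task Manager; a home router or firewall may still block it from the wider Internet.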
Infection Through Attachments
In other cases, you aren’t presenting any remote services to the outside world, but ransomware still finds its way in. This can happen through malicious attachments in your email. You might open a Microsoft Word file, or a PDF document, that contains malicious data. The act of opening the file can cause scripts to run that allow ransomware embedded within these files to infect your computer.
Sometimes the emails can appear to be very legitimate, looking as though they come from someone you know and including personal information about you in order to make them more believable. It only takes one click on those files to start up the ransomware, no matter how honest the file appears to be.
Infection Through Websites
Just like with email, sometimes malicious code can be downloaded to your computer without you realizing it. You might see a web forum posting, disguised as helpful information, that leads you to download a file, and sometimes the fact that you’re downloading something isn’t even clear in the first place. Once the code is on your computer, the ransomware can begin encrypting your information.
Infection Through Devices
Sometimes the infection is not caused by anything that you accessed from your computer, but is the result of malware carried on something that you received from someone else, such as a USB flash drive. When you plug in the device, that process can cause the malicious code to run and the ransomware to be installed on your system.
Be careful when using USB devices – attackers have been known to drop them in parking lots outside of targets!
How To Protect Yourself
There are ways to minimize your exposure to malicious code. However, it is often the case that information looks completely legitimate and yet contains ransomware. While it is important to be careful about what gets transmitted and run on your computer, it is very difficult to be right all of the time. Even experts get fooled!
Fortunately, with CryptoDrop protecting your system, we provide the layer of defense that will stop a ransomware infection whenever it starts running on your machine. We have tested our software against huge numbers of ransomware variants and have never failed to stop them quickly. With our Fast Recovery Edition, we can roll back any changes that ransomware might have made to your files, ensuring that none of your data is lost.
We know how hard it is to defend against all of these threats, so let CryptoDrop be your protection, because at CryptoDrop, We Stop Ransomware.