Intelligent CIO Africa Issue 46 | Page 17

LATEST INTELLIGENCE

publicly leak the victim’s data if payment is not made. This complicates the scenario in multiple ways: aside from dealing with the immediate problem of restoring access to files and services, organisations may have to declare a breach incident to regulators and could face regulatory fines, reputation loss, legal action from clients, and the risk of sensitive data or IP leaking to competitors. All these complications could remain in play regardless of whether the victim actually pays the initial ransom demand.
The SentinelOne Complete Ransomware Guide will help you understand, plan for, respond to and protect against this now-prevalent threat. This guide offers examples, recommendations and advice to ensure you stay unaffected by the constantly evolving ransomware menace.
Methods of infection
Understanding how ransomware infects and spreads is the key to avoiding falling victim to an attack. Post-infection, ransomware can spread to other machines or encrypt network filers in the organisation’s network.
In some cases, it can spread across organisational boundaries to infect supply chains, customers and other organisations.
All of the following can be vectors of infection for ransomware attacks:
• Phishing
• Compromised Websites
• Malvertising
• Exploit Kits
• Downloads
• Messaging Applications
• Brute Force via RDP
Phishing
Phishing emails are still the most common method attackers use to initially infect an endpoint with ransomware.
Increasingly targeted, personalised and specific information is used to craft emails to gain trust and trick potential victims into opening attachments or clicking on links to download malicious files. Malicious files can look indistinguishable from normal files, and attackers may take advantage of a default Windows configuration that hides the file’s true extension.
For example, an attachment may appear to be called ‘filename.pdf’, but revealing the full extension shows it to be an executable, ‘filename.pdf.exe’.
Files can take the form of standard formats like MS Office attachments, PDF files or JavaScript. Clicking on these files or enabling macros allows the file to execute, starting the process of encrypting data on the victim’s machine.
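
A mail-filtering check for the hidden-extension trick described above, as an added example that is not part of the original guide. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "pif"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def is_deceptive_name(filename: str) -> bool:
    """True when the real (last) extension is executable and a document-like
    extension sits directly before it, as in 'filename.pdf.exe'."""
    # Windows ignores trailing dots and spaces in names, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    # Strip each part so padding such as 'a.pdf     .exe' is still caught.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def flag_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of MIME parts whose name uses the double-extension trick."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = part.get_filename()
        if name and is_deceptive_name(name):
            flagged.append(name)
    return flagged

def build_sample() -> bytes:
    """Constructed test message: one ordinary PDF, one disguised executable."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="filename.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name in flag_attachments(build_sample()):
        print("quarantine:", name)
```

The check looks only at the declared filename, so it complements content-type inspection rather than replacing it.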