How do you get ransomware?

Ransomware is most commonly distributed by email, social network messages and infected websites.

Email

Most ransomware is distributed by the popular malware infection technique known as “phishing”, in which you receive an email that is designed to look like it comes from someone you know or should trust. The goal is to get you to open an attachment or click on a web link in the email, which then downloads malware like ransomware to your system. Criminals will study your social networks and other public information to learn details about you to make their phishing emails more believable, e.g., by discovering where you went to school and crafting a message that looks like it comes from your alumni association.

Social networks

One of the many new techniques that ransomware gangsters use to distribute their malicious wares is sending messages through social networks and instant messaging apps.

For example, criminals may send you a Facebook Messenger post that includes a graphics attachment with the commonly used .SVG file name extension. SVG files look legitimate to the Messenger app and your browser’s white-list filtering, so they run automatically when viewed in a standard web browser. Once opened, the file redirects the reader to a website that invites them to install a browser extension so that they can view a (fake) YouTube video. Installing this extension opens the door for a ransomware infection.

What does it mean for you? Be wary of installing software or browser extensions in response to social media posts and instant messages.
