1. Phishing Emails [factual]
• Most common method.
• User receives a deceptive email with a malicious link or attachment (e.g. PDF, Word doc with macros).
• Once opened, the malware downloads and executes ransomware.
• Often disguised as invoices, delivery notices, or resumes.
2. Compromised Websites [factual]
• Known as drive-by downloads.
• Visiting a booby-trapped website (even briefly) can trigger a silent download if the browser or plugins are vulnerable.
• These sites often look legitimate and may even be hacked versions of trusted domains.
3. Remote Desktop Protocol (RDP) Attacks [factual]
• Attackers scan the internet for exposed or poorly protected RDP services.
• Use brute-force attacks or leaked credentials to log in.
• Once in, they manually install the ransomware.
• Common in targeted attacks against businesses.
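
A detection sketch for the RDP pattern above, added here as an example and not part of the original list: it flags source addresses that produce a burst of failed remote logons and reports any successful logon that follows. The CSV layout, thresholds, addresses and account names are constructed assumptions; the event IDs (4625 failed logon, 4624 successful logon) and logon types are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security log: failed / successful logon
REMOTE_TYPES = {3, 10}            # 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA)

# Constructed sample export: time,event_id,logon_type,source_ip,user
SAMPLE = """\
2024-05-01T02:00:01,4625,3,203.0.113.7,administrator
2024-05-01T02:00:03,4625,3,203.0.113.7,admin
2024-05-01T02:00:05,4625,3,203.0.113.7,backup
2024-05-01T02:00:07,4625,3,203.0.113.7,svc_sql
2024-05-01T02:00:09,4625,3,203.0.113.7,backup
2024-05-01T02:00:12,4624,10,203.0.113.7,backup
2024-05-01T09:15:00,4625,10,198.51.100.20,alice
2024-05-01T09:15:30,4624,10,198.51.100.20,alice
2024-05-01T10:00:00,4625,2,203.0.113.7,local
""".splitlines()

def parse(line):
    """Split one constructed CSV line into typed fields."""
    ts, eid, ltype, ip, user = line.strip().split(",")
    return datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def flag_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: details} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    totals, users = defaultdict(int), defaultdict(set)
    flagged = {}                  # ip -> first account that logged on after a burst
    for ts, eid, ltype, ip, user in sorted(map(parse, lines)):
        if ltype not in REMOTE_TYPES:
            continue              # ignore console and other local logon types
        if eid == FAILED:
            totals[ip] += 1
            users[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                flagged.setdefault(ip, None)
        elif eid == SUCCESS and ip in flagged and flagged[ip] is None:
            flagged[ip] = user    # success after a burst: treat account as compromised
    return {ip: {"failures": totals[ip], "users_tried": sorted(users[ip]),
                 "success_user": s} for ip, s in flagged.items()}

if __name__ == "__main__":
    print(flag_rdp_bruteforce(SAMPLE))
```

A flagged source with a non-empty `success_user` is the case to escalate first, since it matches the "once in, they manually install the ransomware" step.
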
4. Software Vulnerabilities / Exploits [factual]
• Attackers exploit known vulnerabilities in unpatched operating systems or applications.
• Examples include EternalBlue (used by WannaCry) exploiting SMBv1.
• Exploits can spread ransomware across internal networks quickly.
5. Malicious Ads (Malvertising) [factual]
• Infected adverts served via ad networks on legitimate websites.
• No user interaction needed beyond viewing the page.
• Often combined with exploit kits to target browser flaws.
6. Infected Software or USB Devices [factual]
• Trojanised installers from unofficial sources (pirated software, keygens).
• Or ransomware pre-loaded on USB sticks (common in social engineering attacks).
7. Initial Access Brokers (IABs) [inference / emerging threat]
• Criminals specialising in breaching networks and selling access.
• Buyers (including ransomware gangs) purchase this access to deploy payloads.