Definition
Ransomware is a type of malicious software designed to deny access to a user's systems or data, typically by encrypting files. Once ransomware has infected a system, the attacker demands a ransom (usually in cryptocurrencies such as Bitcoin) in exchange for the decryption key and the restoration of access. It is one of the main techniques used by malicious actors to compromise companies for financial gain: many groups also exfiltrate sensitive data before encrypting it, so that they profit both from the ransom and from the subsequent sale (or threatened publication) of that data on cybercriminal forums.
Attack vectors
Cybercriminals use different techniques to gain an initial foothold in a company's network. The main vectors are:
Phishing Attacks
- Email Phishing. Attackers send emails that look legitimate, often masquerading as trusted entities such as banks, government agencies, or even internal company senders. These emails typically carry malicious attachments (for example macro-enabled Word documents, PDFs, or archives containing scripts) or links to phishing sites that harvest credentials or deliver a first-stage loader.
- Spear Phishing. A more targeted form of phishing in which attackers tailor the email to specific individuals within the company, using social engineering (names, roles, ongoing projects gathered from public sources) to make the message appear even more credible.

Exploiting Software Vulnerabilities
- Unpatched Software: If a company fails to keep its software up to date, attackers can exploit publicly known vulnerabilities in operating systems, office applications, web browsers, or third-party software (e.g., outdated Java runtimes or end-of-life products such as Adobe Flash). Because exploits for these flaws are often public, the time between patch release and exploitation can be very short.
- Zero-Day Exploits: These are vulnerabilities not yet known to the vendor or the security community, so no patch exists. Attackers who discover or purchase one can exploit it to gain unauthorized access to systems before defenders have any fix to apply.
Remote Desktop Protocol (RDP) Attacks
- Brute Force Attacks: Cybercriminals scan for RDP services exposed to the Internet and use brute-force or credential-stuffing techniques to guess valid login credentials, then use the session to move into the company's internal network.
- Weak Passwords: If RDP is not properly secured (no multi-factor authentication, no account lockout, no VPN or gateway in front of it), weak, reused, or default passwords make these guessing attacks very likely to succeed.
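The following is an added example, not code from the original post: a small detection routine for the RDP brute-force scenario described above. It reads a simplified export of Windows Security log events (Event ID 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), groups failures by source IP, and raises an alert when one source exceeds a failure threshold inside a time window, noting whether a successful logon from the same source followed. The log lines and the column layout are constructed for the example; a real export (for example from `wevtutil` or a SIEM) would need its own parser.

```python
"""Detect RDP brute-force attempts in a simplified Windows Security log export.

Added example (not from the original post). Each sample line is a constructed
record with the fields: timestamp, event id, logon type, account, source IP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. 203.0.113.45 sprays several accounts and then
# succeeds; 192.0.2.10 is a normal user who mistyped a password once;
# 127.0.0.1 is an interactive (logon type 2) console failure, not RDP.
SAMPLE_LOG = """\
2024-03-01T02:00:01 4625 10 administrator 203.0.113.45
2024-03-01T02:00:03 4625 10 admin 203.0.113.45
2024-03-01T02:00:05 4625 10 backup 203.0.113.45
2024-03-01T02:00:06 4625 10 jsmith 203.0.113.45
2024-03-01T02:00:08 4625 10 sqlsvc 203.0.113.45
2024-03-01T02:00:09 4624 10 sqlsvc 203.0.113.45
2024-03-01T08:15:00 4625 10 jsmith 192.0.2.10
2024-03-01T08:15:40 4624 10 jsmith 192.0.2.10
2024-03-01T09:00:00 4625 2 jsmith 127.0.0.1
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"  # RemoteInteractive: RDP / Terminal Services


def parse_events(text):
    """Parse the constructed export format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src_ip = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src_ip": src_ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced >= threshold RDP logon
    failures within `window`, plus the account of any later RDP success
    from that IP (a strong sign the guessing worked)."""
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == RDP_LOGON_TYPE:  # ignore console / network logons
            by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["event_id"] == FAILED_LOGON]
        # Sliding window over the failure timestamps.
        for i in range(len(failures)):
            window_end = failures[i]["ts"] + window
            j = i
            while j < len(failures) and failures[j]["ts"] <= window_end:
                j += 1
            if j - i >= threshold:
                later_success = next(
                    (e for e in evs
                     if e["event_id"] == SUCCESS_LOGON and e["ts"] >= failures[i]["ts"]),
                    None,
                )
                alerts.append({
                    "src_ip": ip,
                    "failures": j - i,
                    "accounts": sorted({e["account"] for e in failures[i:j]}),
                    "first_failure": failures[i]["ts"].isoformat(),
                    "followed_by_success": later_success["account"] if later_success else None,
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

The threshold and window are deliberately low so that the sample triggers; in production, tune them per environment and correlate with the account names (a spray across many distinct accounts from one IP is more suspicious than repeated failures on one). One caveat: with Network Level Authentication enabled, failed RDP authentications may be recorded with a different logon type and sometimes without a usable source address, so the filter on logon type 10 alone can miss them.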
Insider Threats
- Malicious Insiders: Employees or contractors with access to sensitive data or systems can intentionally misuse their privileges to steal data, or to introduce malware into the company network, sometimes in exchange for a share of the ransom.
- Negligent Insiders: Employees unintentionally cause breaches by mishandling sensitive information, falling for phishing attacks, or misconfiguring security settings (for example exposing a remote-access service to the Internet).
Supply Chain Attacks
- Third-party Software: Attackers compromise software or hardware from trusted vendors (supply chain partners) and insert malware into their products, so that the malicious code reaches the company's systems when the product is installed or updated. Because it arrives through a trusted channel, it often bypasses the controls applied to untrusted downloads.
- Software Updates: If a company relies on automatic software updates, attackers may compromise the update mechanism itself (the update server or the signing process), so that malicious code is installed alongside legitimate updates. Verifying update signatures against a pinned vendor key, rather than trusting the download channel alone, limits this vector.

Conclusions
To go into more detail on how this type of malware works, you can check our blog post: Ransomware. If, unfortunately, you have been the victim of an attack, you can follow the main recovery steps that we have listed in our blog post: What to do in case of Ransomware.