How Do Cybercriminals Use Exploit Kits to Install Ransomware?

Most of us are familiar with email ransomware attacks by now. A former co-worker you haven’t heard from in years sends you an email with a file they say you must check out. It’s helped them so much, and they want you to do it…or some nonsense like that.

Other times, it’s more convincing. It comes from someone you currently know who has every reason to be sending you a file. You click, and it’s over. You’re infected. You’re encrypted. And criminals want your money.

Exploit kits are yet another strategy these criminals can use to get ransomware onto your computer and encrypt your important files.

How Exploit Kits Work

1. You See an Ad

You see an ad that looks like it’s from a legitimate brand you know. The colors, fonts, logos, and images all look right. But just like a spoofed email, something is very wrong.

2. You Click the Ad

The ad entices you, and you trust the brand, so you think nothing of clicking it. It whisks you away to a landing page that looks like the website you expected to visit.

It also looks right, but it’s a spoofed website, a site designed to look like it belongs to a trusted company. Some of the most commonly spoofed site types include:

  • Microsoft, Apple, Google, and other massive corporations that provide services 99% of us use.
  • Payment services
  • Cloud storage solutions
  • Social media
  • Banks
  • Streaming Services

And you’re going to need ransomware removal soon. But won’t your anti-malware protect you?

3. Your AntiVirus Gets Confused

These pages don’t only look like legitimate sites to us humans. Criminals have given them online signatures that can fool many anti-malware programs and any operating system safeguards in place to detect spoofed sites. The exploit code is hidden and hard to detect.

Eventually, anti-malware programs will catch on. You’ll receive patches to update your system’s ability to identify the new threat.

But if you’re one of the unlucky ones who click before this happens, or you delay installing updates, your anti-malware will be unable to detect it.

4. The Exploit Kit Homes In on Its Target

The exploit kit can now begin scanning your operating system, looking for vulnerabilities to exploit. Once it identifies such a doorway, it inserts code into that weak spot. This starts the ransomware chain reaction.

5. The Chain Reaction Begins

The exploit kit springboards off that weak spot, infecting the computer, locating every file on it, and encrypting each one. Once the files are encrypted, the ransomware notice appears with instructions for paying the attacker in cryptocurrency, which makes it harder to trace where the ransom money goes and reduces the possibility of getting your money back.

You can choose to pay the ransom and support a criminal enterprise that uses your money to make their attacks stronger and target others. Or you could choose not to pay, and have your files permanently inaccessible. Obviously, neither is a desirable option.

How to Protect Your Computer from Ransomware

Whether it comes through an email or a malicious website, ransomware can do a lot of damage. Losing certain business or personal files can damage your career and life. You can protect yourself by taking a stand against ransomware:

  1. Keep your operating system and software up-to-date. Criminals are constantly seeking out vulnerabilities to exploit, and software companies are continually developing patches to fight them. When software you’re using releases an update, install it quickly.
  2. Don’t trust old operating systems. Are you running Microsoft 95 on an old computer? Probably not. But know that companies stop supporting old operating systems and software after 5 years or so. You will need to update to continue to have some protection.
  3. Don’t click on links in emails. Learn to spot phishing emails. Double check the sender’s email address or a website’s URL.
  4. If you click an ad and experience redirects, back out now. Redirects may suggest a site trying to avoid detection.
  5. Avoid clicking on ads that seem too good to be true or use click bait titles you can’t resist. Resist!
  6. Keep your malware protection up-to-date. But know that these attacks are sophisticated and can sometimes trick malware protection.
  7. Stay away from websites that are overloaded with ads to the point that it’s hard not to accidentally click. This is often where these ads hang out. Reputable ad platforms like Google AdSense won’t run their ads on sites like these, so a bad user experience is a sign they may be running malicious ads.
  8. Use a multi-layered strategy to protect yourself. This includes anti-ransomware solutions such as protecting the endpoints where people access software, email spam filters, backing up your important files, and having a plan to remove ransomware.

A layered system reduces your chances of becoming infected and, more importantly, gives you options in the event you do get infected.
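
Tips 3 and 4 above (double-check a website’s URL, and treat redirects after an ad click as a warning sign) can also be checked automatically from a proxy or browser log. The sketch below is an added example, not part of the original article; the brand name, domains, redirect chains, and the hop threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed data: a made-up brand and the only domain it really uses.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
HOP_LIMIT = 2  # assumed threshold for cross-site redirects after one click

def site(url):
    """Last two host labels. Simplification: production code should use
    the Public Suffix List to find the registrable domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def cross_site_hops(chain):
    """Count the hops in a redirect chain that land on a different site."""
    sites = [site(u) for u in chain]
    return sum(1 for a, b in zip(sites, sites[1:]) if a != b)

def imitated_brand(url):
    """Brand whose name appears in a host that the brand does not own."""
    host = (urlsplit(url).hostname or "").lower()
    # Fold common digit-for-letter swaps and drop hyphens before matching.
    folded = host.translate(str.maketrans("0135", "oles")).replace("-", "")
    for brand, domains in KNOWN_BRANDS.items():
        if brand in folded and site(url) not in domains:
            return brand
    return None

def review_ad_click(chain):
    """Findings for one ad click, given the URLs visited in order."""
    findings = []
    hops = cross_site_hops(chain)
    if hops > HOP_LIMIT:
        findings.append(f"{hops} cross-site redirects")
    brand = imitated_brand(chain[-1])
    if brand:
        findings.append(f"landing host imitates {brand}")
    return findings

# Constructed redirect chains, as a proxy or browser log might record them.
SUSPICIOUS = ["https://ads.adnetwork.example/click?id=1",
              "http://track.hop-one.example/r",
              "http://gate.hop-two.example/go",
              "http://examp1ebank-login.secure-check.example/account"]
CLEAN = ["https://ads.adnetwork.example/click?id=2",
         "https://www.examplebank.example/offers"]

if __name__ == "__main__":
    for name, chain in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(name, review_ad_click(chain))
```

A check like this belongs alongside the other layers in tip 8, since a lookalike host or a long redirect chain is a reason to block or investigate, not proof of an exploit kit.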