📨 1. Phishing Emails [factual]
• Most common method.
• User receives a deceptive email with a malicious link or attachment (e.g. PDF, Word doc with macros).
• Once the link or attachment is opened, malware downloads and executes the ransomware.
• Often disguised as invoices, delivery notices, or resumes.
🌍 2. Compromised Websites [factual]
• Known as drive-by downloads.
• Visiting a booby-trapped website (even briefly) can trigger a silent download if the browser or plugins are vulnerable.
• These sites often look legitimate and may even be trusted domains that have been hacked.
🔓 3. Remote Desktop Protocol (RDP) Attacks [factual]
• Attackers scan the internet for exposed or poorly protected RDP services.
• Use brute-force attacks or leaked credentials to log in.
• Once in, they manually install the ransomware.
• Common in targeted attacks against businesses.
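One way to detect the RDP pattern above from logon records, as an added example that is not part of the original page: it counts failed remote logons (Windows Security event 4625) per source address in a sliding window and escalates when a successful logon (4624) follows. The comma-separated record layout, the window and threshold values, and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624    # Windows Security event IDs: failed / successful logon
REMOTE_LOGON_TYPES = {3, 10}    # 10 = RemoteInteractive (RDP); with NLA, RDP logons often log as 3
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 5                   # assumed tuning value

# Constructed sample (assumed export layout): time,event_id,logon_type,source_ip,account
SAMPLE = """\
2024-05-01T02:00:01,4625,3,203.0.113.7,administrator
2024-05-01T02:00:09,4625,3,203.0.113.7,admin
2024-05-01T02:00:17,4625,3,203.0.113.7,backup
2024-05-01T02:00:25,4625,3,203.0.113.7,svc_sql
2024-05-01T02:00:33,4625,3,203.0.113.7,administrator
2024-05-01T02:00:41,4624,10,203.0.113.7,administrator
2024-05-01T08:10:00,4625,10,192.0.2.15,jsmith
2024-05-01T08:10:20,4625,10,192.0.2.15,jsmith
2024-05-01T08:10:45,4624,10,192.0.2.15,jsmith
2024-05-01T09:00:00,4625,3,198.51.100.20,administrator
2024-05-01T09:00:30,4625,3,198.51.100.20,administrator
2024-05-01T09:01:00,4625,3,198.51.100.20,administrator
2024-05-01T09:01:30,4625,3,198.51.100.20,administrator
2024-05-01T09:02:00,4625,3,198.51.100.20,administrator
"""

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: verdict} for sources with a burst of failed remote logons."""
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    verdicts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        if int(logon_type) not in REMOTE_LOGON_TYPES:
            continue                # ignore local and console logons
        when = datetime.fromisoformat(ts)
        recent = failures[ip]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that fell out of the window
        if int(event_id) == FAILED:
            recent.append(when)
            if len(recent) >= threshold:
                verdicts.setdefault(ip, "brute_force")
        elif int(event_id) == SUCCESS and len(recent) >= threshold:
            verdicts[ip] = "brute_force_then_success"   # guessing likely succeeded
    return verdicts

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The source with two failures followed by a success (a mistyped password) stays below the threshold and is not flagged.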
🧑‍💻 4. Software Vulnerabilities / Exploits [factual]
• Attackers exploit known vulnerabilities in unpatched operating systems or applications.
• Examples include EternalBlue (used by WannaCry) exploiting SMBv1.
• Exploits can spread ransomware across internal networks quickly.
🧳 5. Malicious Ads (Malvertising) [factual]
• Infected adverts served via ad networks on legitimate websites.
• No user interaction needed beyond viewing the page.
• Often combined with exploit kits to target browser flaws.
💾 6. Infected Software or USB Devices [factual]
• Trojanised installers from unofficial sources (pirated software, keygens).
• Or ransomware pre-loaded on USB sticks (common in social engineering attacks).
🧠 7. Initial Access Brokers (IABs) [inference / emerging threat]
• Criminals specialising in breaching networks and selling access.
• Buyers (including ransomware gangs) purchase this access to deploy payloads.