1. Warez sites, torrents, cracked applications
Some of the most common places to get infected with ransomware are warez sites and torrents, where people typically download pirated content or unofficial software packages that are barely vetted by anyone. These questionable mediums are the perfect hub to sneak ransomware through. Threat actors upload their infected software packages – say, a popular game or movie – and advertise them as legit. Users unwittingly download the malware-laden files and, as they attempt to run them, they deploy the ransomware with their own hands.
Stay away from unofficial software repositories, warez sites and torrents! Not only is pirating software bad, but there’s also a good chance you might get ransomware on your computer.
2. Phishing
Easily the most popular attack vector for any type of cyber-attack, phishing is a common technique to get ransomware onto people’s computers. Attackers either spoof a website or set a trap through spam emails so that unwary users end up downloading malware.
Be wary of spam emails that try to get you to do something, such as access a link, claim a prize, download and view an attachment, etc. When in doubt, double check the sender’s address and message content. If it claims to be from an entity you can contact on a different channel, do so to confirm it’s not a scam.
3. Supply chain
Sometimes even downloading official software can land you a dose of malware. This vector is called a supply chain attack, meaning the attackers somehow manage to enter the supply chain, breach the official software vendor – say, your favorite freeware video player, like VLC – and infect official software builds with ransomware.
4. Exposed IoT devices
Internet-connected gizmos are everywhere these days. While most of them aren’t directly affected by ransomware, there are exceptions. For example, if you have an unpatched or misconfigured router on your home network, bad actors can find a way inside your computer by scanning the web using specialized tools.
5. Tech support scams
Falling for a tech support scam is another way you can land yourself a case of ransomware. Typically targeting a vulnerable demographic – like the elderly – threat actors convince the victim to grant them remote access to their computer, at which point they do the deed.