How you get infected with ransomware (and what to do about it)
Updated on October 20, 2022, by Xcitium

How do you get infected with ransomware?
You can get infected with ransomware through phishing emails, malicious downloads, compromised websites, unpatched software, or weak remote access security. Most infections occur when users unknowingly open infected files or click malicious links.
The main ways you get infected with ransomware are email attachments, using the internet, and, to a lesser extent, through hardware (such as USB storage devices). Fortunately, there are steps you can take to protect against all of these. With that in mind, here is a quick guide on how you get infected with ransomware (and what to do about it).
Email attachments
Email may be one of the world’s most convenient ways of communication, but that convenience (and affordability) has also made it a tool for malicious actors. Automated email filtering has done a lot to reduce the spread of certain forms of malware. It’s now much more difficult just to throw out a load of malicious emails and hope that some of them hit a target. Automated filters are, however, unable to offer much, if any, protection against targeted social-engineering attacks.
This means that it’s long since stopped being enough to ask people to stop and think before they open email attachments. The hard truth of the matter is that even the best-informed people can be duped. Realistically, the only way to ensure protection against malicious email attachments is to have a policy that all email attachments must be scanned by a reputable anti-malware program before they are opened. This policy needs to be automated to ensure that it is applied every single time without exception (no matter how busy or how senior the recipient).
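As an added illustration of automating that policy (not code from Xcitium or any product), the sketch below is a mail-gateway pre-filter: it quarantines attachments with obviously risky traits and hands everything else to the scanner, so nothing reaches the user unscanned. The extension lists, verdict names, and sample message are assumptions constructed for this example.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Example policy lists (assumptions for illustration; tune for your environment).
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".hta", ".bat", ".iso"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def triage_attachment(filename, payload):
    """Return (verdict, reasons, sha256) for one attachment."""
    parts = filename.lower().strip().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in BLOCKED_EXT:
        reasons.append("executable or script type")
    if ext in MACRO_EXT:
        reasons.append("macro-enabled Office document")
    if len(parts) == 3 and "." + parts[1] in DECOY_EXT and ext in BLOCKED_EXT:
        reasons.append("double extension hides real type")
    if payload[:2] == b"MZ" and ext not in BLOCKED_EXT:
        reasons.append("Windows executable header under another extension")
    # Nothing is released unscanned: clean-looking files still go to the scanner.
    verdict = "quarantine" if reasons else "send to scanner"
    return verdict, reasons, hashlib.sha256(payload).hexdigest()

def triage_message(raw_bytes):
    """Apply the gate to every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results[name] = triage_attachment(name, part.get_payload(decode=True) or b"")
    return results

def constructed_sample():
    """Constructed test message: a fake invoice with two attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00 constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (verdict, reasons, digest) in triage_message(constructed_sample()).items():
        print(name, verdict, reasons, digest[:16])
```

The SHA-256 digest is returned so the gateway can log each decision and look the file up again later.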
Surfing the internet
In principle, there are all kinds of ways you can pick up ransomware when surfing the internet. In practice, the big two are social media platforms and malvertising.
Social media platforms have brought a lot of benefits, but they have also brought a lot of traps for the unwary. To be fair, the companies behind them are doing their best to address these. In fact, they need to address them to ensure the long-term survival of their service. In the meantime, however, the onus is still very much on the user to protect themselves.
In the context of picking up ransomware through a social media platform, the main threat is short links. These are convenient. In fact, arguably they are essential on some platforms, such as Twitter, but they also conceal the nature of the link. In principle, it’s easy enough to check the genuine link. In practice, however, very few people are likely to bother, especially not when they’re scrolling through their social media feed on their lunch break.
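One way to check where a short link really leads, as an added example that is not part of the original article: follow the redirects one HEAD request at a time, so no page body is downloaded or rendered, then report what the final destination looks like. The hop limit, flag names, and the constructed redirect table with its hypothetical hosts are assumptions of this sketch.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
MAX_HOPS = 5  # assumption: give up after this many redirects

def head_location(url):
    """One HEAD request; returns (status, Location header or None)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=5)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """Follow redirects hop by hop without downloading any page body."""
    chain = [url]
    for _ in range(MAX_HOPS):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)
        if nxt in chain:
            return chain, "redirect loop"
        chain.append(nxt)
    return chain, "too many redirects"

def review(chain):
    """Describe what the short link hid about its final destination."""
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    flags = []
    if final.scheme != "https":
        flags.append("not https")
    if host.replace(".", "").isdigit():
        flags.append("raw IP address host")
    return flags

# Constructed redirect table standing in for the network (hypothetical hosts).
CONSTRUCTED = {
    "https://short.example/a1": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "http://203.0.113.7/invoice"),
}

def constructed_fetch(url):
    return CONSTRUCTED.get(url, (200, None))
```

Each hop still receives a request from the machine running the check, so run it from an analysis host rather than a user workstation.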
Malvertising is a relatively new form of threat. It involves buying legitimate advertising space and then using the adverts for malicious purposes. The reason why malvertising is such a threat is that most website owners, even large ones, sell advertising space through agencies. These agencies tend to be all about volume and hence do not necessarily conduct rigorous checks on who is advertising with them or what the advert contains. This means that even reputable, “safe” websites can be compromised.
In principle, the easy way to deal with malvertising is to use an ad-blocker. This is exactly why so many reputable anti-malware products now include them (at least in their paid versions). The problem is that some websites only allow access to their site if the user permits adverts. This means that you need a Plan B and the obvious solution is to use a reputable anti-malware product with an integrated firewall.
Hardware
It’s currently relatively uncommon for malware to be spread through hardware since it takes more effort (and hence more risk and cost) than spreading it digitally. Ransomware, however, can be very lucrative, which can make it worth the effort. Always remember that robust digital security rests on a foundation of robust physical security. What this means in practice will depend on the device.
For example, with desktop computers, it generally means securing the room in which they are held and securing access to any ports, especially USB ports. For mobile devices, it includes thinking about how they will be charged and avoiding plugging them into external USB ports such as the ones in public charging stations.
Keeping your system safe from ransomware
It is extremely risky to rely on the default security apps bundled with the main operating system. These are better than nothing, but the companies behind them are not dedicated cybersecurity companies and cannot be expected to have the same level of expertise as sector specialists. You need a proper anti-malware program with an integrated firewall from an actual security company.
You also need to be rigorous about keeping your operating systems and locally installed applications promptly updated.
Top Ways You Can Get Infected with Ransomware
- Phishing emails and attachments: Attackers send fake emails with malicious files or links.
- Malicious downloads: Downloading cracked software or fake updates can install ransomware.
- Compromised websites (drive-by downloads): Visiting infected sites can automatically download malware.
- Unpatched software vulnerabilities: Outdated systems are easy targets for attackers.
- Remote Desktop Protocol (RDP) attacks: Weak passwords allow hackers to access systems remotely.
- USB drives and external devices: Infected storage devices can spread ransomware.
- Malvertising (malicious ads): Clicking fake ads can trigger downloads.
Common Ransomware Infection Methods
| Infection Method | Risk Level | How It Happens |
|---|---|---|
| Phishing emails | ⭐⭐⭐⭐⭐ | Fake attachments or links |
| Software downloads | ⭐⭐⭐⭐ | Pirated or infected apps |
| Unpatched systems | ⭐⭐⭐⭐⭐ | Exploited vulnerabilities |
| RDP attacks | ⭐⭐⭐⭐ | Weak credentials |
| Malicious websites | ⭐⭐⭐ | Drive-by downloads |
| External devices | ⭐⭐⭐ | Infected USB drives |
Real Examples of Ransomware Infections
- Fake invoice email with infected attachment
- “Delivery failed” message with malicious link
- Fake software update pop-ups
- Cracked software downloads from unsafe websites
👉 These scenarios are commonly used in real attacks.
How to Avoid Getting Infected with Ransomware
| Infection Method | Prevention Tip |
|---|---|
| Phishing emails | Avoid suspicious attachments |
| Malicious downloads | Download only from trusted sources |
| Unpatched software | Enable automatic updates |
| RDP attacks | Use strong passwords + MFA |
| Malicious websites | Use web filtering tools |
How Businesses Get Infected with Ransomware
- Weak remote access security (RDP exposure)
- Lack of endpoint protection
- Unpatched enterprise systems
- Poor employee awareness
- Lack of Zero Trust security
👉 This is where Xcitium’s Zero Trust and containment approach becomes a strong differentiator.
FAQ
What is the most common way to get ransomware?
Phishing emails are the most common method, often disguised as legitimate messages.
Can you get ransomware just by visiting a website?
Yes, compromised websites can install ransomware through drive-by downloads.
How fast can ransomware infect a system?
Some ransomware can encrypt files within minutes of infection.
Can ransomware spread across networks?
Yes, advanced ransomware can move laterally across networks if not contained.





