Our Blog

How ransomware spreads: Uncovering infection methods

How ransomware spreads: Uncovering infection methods

Portia Linao Portia Linao
February 01, 2022, Post a comment

Like biological viruses, malware also has multiple variants, and it continually evolves throughout the years, creating more sophisticated viruses with it.


Ransomware is malware that spreads from one computer to another with financial gain as its goal. And with the rise of remote and hybrid work setups, ransomware attacks increased by 148%


Ransomware works by encrypting their victims’ files and holding them hostage in exchange for ransom. But that can only work if the malware has bypassed your computer’s security. And with the innovative ways ransomware developers create new ways to hold your data for ransom, it’s only a matter of time before they’ll infiltrate your computer as well. That’s why cyber security and consistent security awareness training should be a part of an organisation’s efforts to protect its data against cyber risks. 


But no matter how advanced a ransomware program is, it still needs to be spread throughout different networks in order to catch victims. Essentially, it still has to follow the typical malware-spreading techniques to infect systems. And unless an organisation has a security strategy in place, no matter what type of ransomware it is, it will ultimately succeed in its goal of stealing your data assets and encrypting them. 


Once organisations discover that they’ve fallen victims to ransomware, it’s already too late. That’s why the goal of this article is to show you how ransomware spreads and how to protect yourself against specific infection methods. 



Ransomware spreads through emails and various networks with the help of social engineering. The goal of these emails is to motivate recipients to open/download/install the infected attachment.

These attachments usually come off as a normal PDF file, Spreadsheet file, Word document, or even a ZIP file.

When a receiver opens the infected attachment, the ransomware will either establish itself on the computer immediately or wait for a certain period (depending on the ransomware) to launch a full-blown attack on the receiver’s data.

From time to time, the ransomware attack would depend on the target. This is where cybercriminals do immense research to make their socially engineered emails as believable as possible.

The more credible an email looks, the more likely it is for a director, executive, or anyone with admin access to open the infected attachment and release the malware into the corporate network.

How to protect your organisation against this infection method:

  • Always check the sender's information (name and email address) before opening attachments.
  • Beware of attachments that require enabling macros. If you’ve confirmed that the email came from a legitimate contact, reach out to your IT department for guidance.
  • Learn how to avoid phishing emails by taking up Security Awareness Training at least twice a year.

Storage devices (Flash drives and Portable Computers)

Ransomware can also spread from network to network through portable storage devices. They’re a common tool that helps spread malware without the help of an internet connection. But for the storage device to infect other computers, it first has to be infected by another malware-infested computer.

Once you connect your computer to an infected storage device, it will start to infiltrate your local files and encrypt your data. Worst-case scenario, the malware will spread throughout your networks.

The spread of this ransomware is mostly unintentional.

This is often due to an unknowing employee plugging an infected portable storage device into their office computer, ultimately allowing the ransomware to infect their device and potentially spread throughout the corporate network.

How to protect yourself against this infection method:

  • Only insert trusted storage devices on your computer.
  • Beware where you insert your storage device. Be wary of public systems such as internet cafes.
  • If you need to plug a portable device into your computer, use credible anti-viral software to scan it.
  • Create company-wide policies regarding personal storage devices.

Malicious URLs

Malicious links and phishing emails are a dangerous combination.

Aside from attachments, phishing emails can also spread ransomware through malicious links. Once the recipient visits the linked website URL, the malware will install itself into the victim’s computer. From there, it will spread throughout the network and infect other data.

Cybercriminals use social engineering to entice the recipients to click on the link. Most of the time, they create a sense of urgency to urge the targets to click on the link to activate the ransomware. Once triggered, the ransomware will download itself into the device, encrypts the victim’s data, and post a ransom note with their demands.

How to protect yourself against this infection method:

  • Always be wary of all embedded URLs in emails, text messages, or direct messages. Ideally, hover over the link to see the full URL before clicking on the link.
  • Use ExpandURL.net to examine shortened URLs before clicking.


Remote Desktop Protocol

Due to the shift to remote and hybrid work in 2020, there were an increase in remote desktop protocols (RDP) users to connect to a different office machine through a network connection.

Unfortunately, ransomware such as Dharma and SamSam can also spread through RDPs.

Cybercriminals spread ransomware through RDPs by infiltrating network connections with exposed ports. Meaning, RDPs who still use the default port 3389. If they’ve successfully infiltrated the machine, they now have the power to disable your anti-virus software, delete your backups, and install the ransomware into your machine. To top it all off, it is challenging to detect ransomware early on if it spreads through RDPs.

How to protect yourself against this infection method:

  • Refrain from using the default port 3389.
  • Use RDP only if necessary.
  • Always use VPN when enabling RDP.
  • Use strong passwords and implement 2-factor authentication for every access.

Free (Pirated) Software

Who doesn’t want a free version of their favourite software? I know I do. But apparently, downloading pirated software comes with a price, an expensive one at that.

Ransomware can spread through free (pirated) software. Hackers hide malicious codes within the cracked software bundles, and the ransomware is activated once the application is installed on the machine.

Do you ever wonder why cracked versions of Adobe products always require you to turn off your anti-virus software before you download them to your computer? This is because your anti-virus software will detect the malware and remove it.

How to protect yourself against this infection method:

  • Refrain from downloading and using pirated software.
  • Avoid torrent sites and the like.
  • Beware of surreal software deals. Only download your applications from trusted providers.

Major Takeaways of Ransomware Infection Methods

As we’ve now learned different ransomware-spreading methods, there are a couple of ways for you to reduce your risk of data breach and protect your data from cybercriminals.

  • Implement security awareness training and protocols in your organisation.
  • Invest in the right cyber security solution: use trusted anti-virus software and firewalls, enable automatic backup and retention, etc.

Your business relies on data to thrive in the technologically driven world. It is your responsibility to protect it from harm. Because once your data is encrypted and held for ransom, your business operations will come to a standstill unless you have an up-to-date backup and retention or have the means to pay the ransom itself (which we do not recommend).


Did you know that right at this moment, you might already be spreading ransomware without even knowing it?

Are you certain your IT is clean of any dormant malware or hidden trojans?  

Signup for a complimentary IT Health Check here and find any vulnerabilities your IT might have. Take this awesome chance to protect your data and reduce your risk to ransomware attacks. 

IT-Health-Check-Report-669369-optimized-min (1)

Find cyber risks before they find you

Don’t let yourself be a part of the statistic. Take action now and protect your data by booking a complimentary IT Health and Security Check.