Cybercriminals Turn to Web Browsing to Deliver Ransomware
Ransomware attacks have increased significantly in 2023, and the file-encrypting malware is now used in around 20% of cyberattacks. Ransomware is used to encrypt business-critical files to prevent access, and a ransom demand is issued for the keys to decrypt the files. Most ransomware gangs also steal sensitive data before encrypting files and use double extortion tactics, where the ransom must be paid to recover data and prevent the stolen data from being leaked online or sold to other cybercriminals.
Ransomware gangs use a variety of methods for initial access to networks. Known vulnerabilities in software solutions are exploited, phishing is used to obtain credentials and for delivering malware downloaders, and ransomware is often delivered via the Internet. According to Palo Alto Networks, email attachments were the most common method used for initial access in 2021, and while they are still popular with many ransomware gangs, web browsing was the most common ransomware delivery method in 2022. In 2022, email attachments were used as the delivery method in 12% of ransomware attacks, whereas web browsing was the initial access vector in 76.5% of attacks.
Ransomware gangs compromise websites and use them to host their ransomware binaries, and traffic is then sent to those malicious sites using a variety of methods. Links may be sent in emails and SMS messages, with social engineering techniques used to trick individuals into clicking the links. Malicious adverts are often used – termed malvertising – to direct traffic to malicious sites. Many website operators have third-party adverts on their sites to increase revenue, and threat actors are able to sneak their malicious adverts in and display them on high-traffic websites. There have also been many cases of malicious adverts being displayed through Google Ads. Search engine poisoning is also used, where malicious web pages are created and search engine optimization (SEO) tactics are used to get the web pages to appear high in the search engine listings for specific search terms, often those likely to be used by businesses.
While most businesses have email security solutions in place to protect against phishing emails and block malicious attachments, they do not have adequate protection against these web-based attacks. Since web browsing is now such a common method of ransomware delivery, businesses need to ensure they are protected. The most effective way of blocking web-based ransomware delivery is to use a web filtering solution such as WebTitan Cloud. A web filter allows businesses to control Internet access by employees and prevent downloads of malicious files.
WebTitan Cloud is a 100% cloud-delivered web filtering solution that can be implemented in just a few minutes. Through the web-based interface, businesses can configure category-based filters to prevent employees from visiting categories of websites that serve no work purpose and are commonly used to deliver malware, such as peer-to-peer file-sharing sites. WebTitan can be configured to block certain file downloads from the Internet, such as executable files. This allows businesses to block malware and address the issue of shadow IT – unauthorized software downloaded from the Internet by employees. These unauthorized software downloads are a major security risk.
WebTitan is constantly updated with the latest threat intelligence. As soon as a malicious web page is detected, it is added to the WebTitan blacklist and users will be prevented from visiting that site. Any attempt to visit a blocked site will see the user directed to a local block page, ensuring threats are never encountered. If your business does not currently filter the Internet, give the TitanHQ team a call to find out more about WebTitan. WebTitan is available on a free trial so you can test the solution and see the difference it makes. Product demonstrations can also be arranged on request.