9 Methods Cybercriminals use to deploy Ransomware

May 12th 2017 saw the biggest ever cyber attack in Internet history - WannaCry stormed through the web, with the damage epicentre being in Europe.

WannaCry leveraged a vulnerability in Windows OS, first discovered by the National Security Agency (NSA).

In the first few hours, 200,000 machines were infected. Enterprise organisations such as Renault and the NHS in the UK were struck and crippled by the attack.

A few weeks later, a ransomware strain called Petya started spreading across Europe, specifically targeting Ukrainian institutions and banks, and even the radiation monitoring system used at Chernobyl.


Ransomware and cyber criminals, will never stop. That is why Ransomware Protection should now be an essential part of an organisation’s security posture.

It’s important that companies understand that Ransomware protection should be deployed as your last line of defence rather than your first – the David De Gea of your security formation.

Educating a workforce is critical to prohibiting inbound attacks. This blog aims to highlight the most common infection methods used by cybercriminals.


(1) Spam email campaigns: Emails can contain malicious links or attachments (there are plenty of forms that malware can use for disguise on the web).

Spam email campaigns


(2) Security exploits in vulnerable software: Cyber criminals use flaws in software for their own malicious intents. Applications that have security holes include: browsers you use daily, browser add-ons, browser plugins and desktop applications.


(3) Internet traffic redirects to malicious websites

Internet traffic redirects to malicious websites


(4) Legitimate websites that have malicious code injected in their web pages: Systemically compromising websites which run an outdated CMS (content management system) or outdated plugins. The cyber attack is mainly directed at websites built on WordPress, and the consequences could be dire.


(5) Drive-by downloads

Drive-by downloads


(6) Malvertising campaigns

Malvertising campaigns


(7) SMS messages (when targeting mobile devices)



(8) Botnets: Described as a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection.


(9) Self-propagation: Spreading the ransomware from device to another. WannaCry, for instance, used an exploit kit that scanned a user’s PC, looking for a certain vulnerability, and then launched a ransomware attack that targeted it.


At PFH, we offer Managed Security Services to all our customers. We deploy, monitor and manage this solution from our Network Operations Centre (NOC) in Cork.

These services include Managed Ransomware and also Managed Disaster Recovery as a Service.

Our proven solutions ensure that your data is safeguarded by our IT experts using best-in-class technologies. This ensures minimal risk to the organisation and the IT manager.

For more detailed information regarding our Custodian™ Managed Services, download our eBook.

Why not request a competitive quote here.


Transforming the T of IT into Service

Transforming the T of IT into Service

Tuesday 22 October 2019

The early years of the 21st century saw rather too many ‘boom-bust’ stories of companies and the IT departments that served them.
Read More
Managed Firewall - The First Line of Defence

Managed Firewall - The First Line of Defence

Thursday 31 May 2018

A secure firewall is one of the most important elements within a network infrastructure. Without one, any hackers job becomes a lot easier.
Read More