The brute force attacks is a common technique of hackers for distribution ransomware. The ransomware attacks have increased a lot during 2019. During this time many large attacks have been made Companies, which highlight the magnitude of the damage that can be caused when hackers encrypt whole networks.
In fact, the problems that can arise are so great that victims have no choice but to pay the ransom. In most cases, hackers ask for hundreds of thousands of dollars, which they usually want in form Bitcoin or some other type cryptocurrency.
F-Secure security investigators have created honeypots to track suspicious activity and attacks by its criminals cyberspace during the first half of 2019.
The exhibition "Attack Landscape H1 2019"Shows that basic method of infringement of computers for distributing ransomware is brute force attack. 31% of file encryption attempts start with brute force attack.
In brute force or credential-stuffing attacks, hackers use it as many as possible codes access, often with the help of bots, to see if any of them fit the target and thus infringe on them accounts of the victims. Many people use easy or default codes, which facilitate the work of hackers. Criminals start with common codes or credentials, found in bases data, that have leaked. Thus, there are many chances of success of the attack.
F-Secure lead researcher said: "Brute force attacks are the main choice of hackers because they are effective. We see that they exist many accounts that have common and weak passwords, and so hackers can easily bypass them. "
In addition to brute force attacks, hackers use them Phishing and spam emails for distributing ransomware. According to the report, almost a quarter of the ransomware attacks on F-Secure honeypots were via e-mail.
All it takes for the attack to succeed is opening a malicious attachment. A malicious file can cause the entire network to be encrypted. GandCrab ransomware, one of 2019's most popular ransomware, was spread by email.
Other ways of distributing ransomware are violated firmware, fake software, malvertising campaigns, exploit kits and other.
The final conclusion of the report is that all forms cyberattack is on the rise. Therefore, companies and organizations should be on alert and take security measures.
Some of these measures are tactics information applications and their systems to prevent hackers from exploiting old vulnerabilities, or use strong passwords and the frequent change them, o authentication multi-agent and h education of the staff.