Security News > 2023 > July > Web browsing is the primary entry vector for ransomware infections

The most widely used method for ransomware delivery in 2022 was via URL or web browsing, Palo Alto Networks researchers have found.

Third-party apps were the primary entry vector for ransomware infections in 8.2% of cases recorded by the company in 2022.

The attackers have been spotted rotating different URLs/hostnames to host the same ransomware or using the same URL to deliver different ransomware.

"The same ransomware can be delivered through multiple URLs, and the same URL can deliver multiple ransomware variants, or even other types of malware," the researchers noted.

Delivering ransomware binaries from different hostnames is likely employed to evade URL blocking services and to avoid takedown.

Ransomware gangs are also fond of using popular public hosting, social media and media-sharing services, as well as long-lived benign domains they've managed to compromise, for ransomware delivery.

News URL

https://www.helpnetsecurity.com/2023/07/31/ransomware-delivery-2022/