red arrow pointing right
Back to insights

Common Ransomware Attacks and How to Avoid Them

July 2021
July 2021

Of all the dangers the digital has to present to companies and even individuals, ransomware has to be one of the most dangerous cyber threats imaginable. Pairing its destructive power with the increase in reported ransomware attacks, businesses are urged to implement security strategies to fight back ransomware and be prepared with contingencies should the worst ever happen.

That being said, ransomware attacks its unsuspecting victims in many ways, finding vulnerabilities to encrypt files and wreak havoc. In this article, we'll tackle the three common ways ransomware can attack individuals and what you can do to avoid them.

1. Exploit Kits

One of the most dangerous ways a victim can ever experience ransomware is through an exploit kit. It is an advanced type of malware tool that helps cybercriminals target poor victims through known software vulnerabilities. The exploit kits themselves are a collection of multiple malware codes, allowing these criminals to carry out intricate and thorough attacks. A great example of such ransomware is a malware called "WannaCry," infecting thousands upon thousands of users. Fortunately, the vulnerability that WannaCry utilizes has since been patched.

An easy way to ensure you do not fall victim to exploit kits is to update your software. Although simple, this is an activity that many people forget to do. As such, create a schedule to check for updates often to ensure you get the latest security updates to keep your devices ransomware-free!

2. Open RDP Ports

Another type of ransomware attack is known as RDP attacks done through open RDP ports. The attack happens when RDP (remote desktop protocol) has been misconfigured, allowing attackers to use RDP to download malware into business networks.

To avoid this issue entirely, disabling the RDP protocol is a must. In a Windows 10 computer, all you need to do is open the settings panel for the Remote System Properties. From there, click on "Don't allow remote connections to this computer," and it should be done! Note that this process is different for different operating systems, so do a little research on how to avoid RDP attacks. On that note, understand that RDP allows IT individuals to work on devices remotely, so if it is needed, ensure that it is configured correctly to block unauthorized access.

3. Phishing Emails

One of the most common types of ransomware attacks, and the most successful one, is phishing emails. Phishing emails are malicious emails designed to trick a person into believing it is a legitimate email. From there, the unsuspecting victim clicks on a link, expecting to carry out a task. In reality, the link downloads ransomware straight into the computer, carrying out the attacker's intent.

To stop phishing emails, there are generally two critical things you must do. First, you must train your employees to identify phishing emails. This includes giving them examples of phishing emails and teaching them how to spot and treat malicious emails. On the other hand, you can also set up email filters as a passive way to scan each email before it arrives at the inbox. This way, the number of phishing emails are cut down as much as possible, while your employee training will catch the rest that does get through.


No matter who you are, you do not want to be subject to any of the ransomware attack types we've mentioned above. They're all destructive one way or the other way, and finding malware in your business network means trouble. Apart from actively trying to fight back malware like ransomware, it is also essential to have backup plans. This includes backing up your database and essential files to ensure that should your files get encrypted, you still have access to the latest copies of the files to reduce downtime for your business.

Scaramanga is a Swiss-based consulting firm offering data protection, information security, and compliance consulting to keep businesses safe from cyber attacks and remain productive! If you are looking for data privacy consultants to help you prepare for digital threats, reach out to us today!