One of the biggest questions surrounding ransomware is, “How do computers or networks become affected by ransomware?” Ransomware is commonly delivered through mass phishing emails with attachments that appear to be photos, reports, invoices, resumes, or other legitimate business communications. When the user opens the attachment, the ransomware deploys and starts encrypting data files. Ransomware can target data files in any drives connected to the computer including network shares or Drobox mappings.

Another common method of ransomware infection is drive-by downloading. Drive-by downloading occurs when a user unknowingly visits a compromised website and through visiting the website, malware is downloaded and installed on the user’s computer without their knowledge or permission.

A third method of ransomware infection is malvertising. Through malvertising, cybercriminals inject malicious or malware-laden advertisements into legitimate webpages. Malware travels through the advertisement and can infect the user’s computer without the user clicking on the ad and does not rely on a vulnerability in the hosting website.