"Web Browsing Is the Primary Entry Vector for Ransomware Infections"

Researchers at Palo Alto Networks discovered that in 2022, the most widely used ransomware delivery method was URL or web browsing. In 2021, it was email attachments (i.e., delivery via SMTP, POP3, and IMAP protocols), but in 2022, only 12 percent of attempts used this particular delivery channel. In 8.2 percent of ransomware infections recorded by the company in 2022, the primary entry vector was third-party applications. Palo Alto Networks has been tracking and analyzing ransomware-hosting URLs and hostnames. Based on a large, random sample (7,000 URLs out of 27,000 unique ones), they identified several techniques used by ransomware groups to prevent their websites from being identified, taken down, or blocked. The perpetrators have been observed rotating different URLs/hostnames to host the same ransomware or using the same URL to deliver different ransomware. Some attackers engage in both of these tactics. This article continues to discuss key findings regarding ransomware delivery URLs. 

Help Net Security reports "Web Browsing Is the Primary Entry Vector for Ransomware Infections"