The Top 3 Ransomware Attack Vectors and the Role of Unified Endpoint Management

Over half of all organizations were attacked with ransomware last year and the top three points of entry, called ransomware attack vectors, accounted for over 90% of those attacks.1 These points of entry are sometimes referred to as threat vectors or infection vectors, and the vast majority of them exist on endpoints. As a result, protecting endpoints from ransomware and other cyberattacks has become a high priority for IT organizations.

The top three ransomware attack vectors

The top three attack vectors for the delivery of ransomware are email phishing attacks, Remote Desktop Protocol (RDP) compromises and software vulnerability exploits. These are the methods that the vast majority of hackers are currently using to gain access into IT environments.

Your email system is like an open front door with a welcome mat that accepts virtually every email sent to a valid email address. It’s no wonder that hackers use email to attempt to deliver and deploy ransomware.

Remote desktop access is like a window into your environment that provides another way for a hacker to gain entry, but is a little more difficult to use than coming in the front door.

Lastly, software vulnerability exploits are hidden entrances to your IT environment like the doors of Durin, the secret entrance to the mines of Moria in the first Lord of the Rings movie. These entrances are not easily found, unlocked or opened, but they still provide inquisitive hackers with significant cybercrime opportunities.

1.    Ransomware attack vector: email phishing attacks

Phishing is a scam where a hacker will send out an email to try and trick the recipients into downloading a virus by either clicking on a link in the email or by downloading an attachment. These emails will look legitimate and appear as though they are being received from a person or organization that the intended victim normally trusts.

University Hospital in Newark, NJ experienced a SunCrypt ransomware attack in September 2020 that was initiated with a phishing email. The email resulted in the TrickBot Trojan virus being downloaded. The hospital paid a ransom of $640,000 to prevent 240GB of patient data from being published.

2.    Ransomware attack vector: Remote Desktop Protocol (RDP) compromises

Hackers use penetration testing software like Cobalt Strike to scan and find open ports. Once they find open ports, the hackers then implement brute-force password hacks on those open ports to gain access to, and complete control over, the systems being hacked. Kaspersky has reported that brute-force attacks targeting RDP have increased by over 400% in the last year.

In September 2020, Universal Healthcare Services with its 400 care sites sustained a Ryuk ransomware attack through a brute-force attack on RDP. The attack resulted in $67 million in recovery costs and lost revenue by causing three weeks of downtime to their Electronic Healthcare Record (EHR) system.

3.    Ransomware attack vector: software vulnerability exploits

Hackers have two general approaches for taking advantage of unpatched software vulnerabilities. Either they already have a way to exploit a certain software vulnerability and they use a scanning tool to discover organizations with this specific vulnerability, or they scan a target organization looking for any vulnerabilities they can find, and if they find one, they then search for a way to exploit it. And then once they find a way in, they look for a way to exploit your environment to deploy ransomware as far and wide in your organization as they can.

A recent high-profile example of a software vulnerability that was exploited this year is the Kaseya software hack. This attack exploited zero-day flaws in one of their solutions. The attack impacted over 1,500 organizations, many of which were compromised by infecting their managed service provider (MSP).

Unified endpoint management provides a foundation for endpoint security

A unified endpoint management (UEM) solution gives you the ability to discover, manage, and secure all the endpoints that access your network from a single dashboard. You can centrally manage and secure Windows desktops, laptops, servers and mobile devices, Mac desktops and laptops, Linux machines and servers, Chromebooks, iOS and Android mobile devices, non-computer devices like printers, and even Internet of Things (IoT) devices.

Enterprise Management Associates (EMA), in an article in Security Intelligence,2 recommends that unified endpoint management is a key part of a ‘responsible approach to endpoint security.’ Steve Brasen, the research director of EMA, states, “unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes.”

The role of unified endpoint management in protecting ransomware attack vectors

While a unified endpoint management solution will not alleviate the need for other security measures and technologies, it can play a significant role in helping to fortify the ransomware attack vectors in your IT environment. Let’s take a closer look at the role of unified endpoint management in defending the top three ransomware attack vectors.

Fortifying endpoints to defend email phishing attacks

Email phishing attempts can be the hardest ransomware attack vector to defend, as much of your success in thwarting these attempts are controlled by your employees. While employee security training supplemented by email filtering and antivirus software provide your fundamental protections, unified endpoint management can supplement your security measures by giving you better visibility and control of the endpoints that access your network.

Unified endpoint management solutions enable you to discover exactly what’s connecting to your network, regardless of the platform or OS. You can identify endpoints with missing or outdated operating systems, web browsers and antivirus applications, and then automate the provisioning of the needed software, patches or security updates. You can quickly and easily alert all users with broadcast advisory emails notifying them of phishing attacks that are currently hitting user inboxes and advising them of any needed actions on their part. And when you need to perform a workstation refresh or supply new workstations, a unified endpoint management solution can streamline the process of enrolling and imaging endpoints.

Fortifying endpoints to defend remote desktop compromises

Remote desktop protocol provides workers with remote access to resources on the corporate network. The use of RDP has skyrocketed over the last year to support employees working from home due to the pandemic.

Automate patch management and endpoint management

Patch, secure, and manage every endpoint

Automate patch and endpoint management – including third-party applications from the cloud.

Unified endpoint management can help defend against RDP attacks by discovering all endpoints that have RDP enabled, plus those that do not have multi-factor authorization (MFA) implemented, and then automating the provisioning of MFA to those endpoints to minimize the risk. By implementing MFA, even if a hacker uncovers the password to an endpoint in a brute-force attack, they then will face another formidable barrier to gaining access and control of that endpoint.

Fortifying endpoints to defend software vulnerability exploits

Due to the complexity involved, software vulnerability exploits are not as prevalent as phishing and RDP attacks, but the effects can be every bit as severe. Misconfigured, outdated and unpatched software are three of the primary causes of the software vulnerabilities that hackers attempt to exploit. And when the average organization takes 97 days to fully deploy patches,3 it’s no wonder that software vulnerability exploits are among the top three ransomware attack vectors.

A unified endpoint management solution can help you defend these exploits by discovering endpoints with misconfigured, outdated or unpatched software and then automating the provisioning of the deployments, patches and updates that are needed to raise the defenses of your endpoints against software vulnerabilities. A unified endpoint management system may also provide you with the ability to perform your own vulnerability scans of your environment to identify previously unknown risks that you will need to remediate.


The top three ransomware attack vectors are the avenues that most hackers currently use in their attempts to enter and exploit your IT environment. While the methods of cybercriminals may change over time, a unified endpoint management system is an important solution for strengthening your ransomware defenses now and in the future.

Redefining endpoint management in the modern IT landscape

Cyber security expert Nick Cavalancia discusses the latest security risks and compliance vulnerabilities endpoint devices are creating and how best to overcome them.

Watch Now

About the Author

Ken Galvin

Ken Galvin is the Director of Marketing for the KACE Unified Endpoint Management and Data Protection solutions of Quest Software’s Information Systems Management business. He has been with KACE for eight of his sixteen years at Quest where he previously managed Product Management for other products related to datacenter and endpoint management. Ken lives with his wife in Virginia 1.5 hours west of Washington, DC where they raised their four adult children.

Related Articles