The initial intrusion is usually through email.
I’ve gotten several very suspicious emails lately. Most recently, I got an email confirming an airline reservation that I never made, but it had a .zip attachment, something a real airline would never do.
“The initial intrusion is usually through email.”
Again, these computers had no access whatsoever to e-mail, and they had no connectivity to any computer that did handle e-mail. E-mail was handled on other clients, and they were unaffected.
Circumstantial evidence strongly suggests the rootkits were brought in by other malware through adservers triggered during visits to Websites for certain MSM Websites and Youtube music. I can’t be sure, but two of the FBI Ransomware attacks seem to have presented themselves immediately after using the Youtube link to play Alice’s Restaurant during Thanksgiving. When I can afford the time and resources, I may test that theory using an easily reconfigurable system.