How hackers exploit poor application security in ransomware attacks