techniques deployed on email and social channels are very similar in nature and involve an element of ransomware social engineering to enable the initial compromise to succeed. In the case of social media compromise, the attacker can often perform their target recon on the channel itself (e.g. LinkedIn) and then simply make a connection request to the target to begin establishing the trust relationship. In fact, the more connections the attacker makes within the organization, the greater the sense of trust that is established.
At this point, the attacker is in an excellent position to launch the attack by sending a malware-laced attachment or link to the targeted victim, under the pretext of a legitimate purpose. For example, cyber criminals might adopt the guise of a recruiter and, after penetrating the organization with numerous connection requests, send a malware-laced file link under the cover of a job description. Once the victim clicks through to the document, the host device can be compromised with a first-stage malware payload.
In an enterprise attack, this would only be the first stage and would be unlikely to contain ransomware per se. The longer-term objective would be to effect lateral movement for long-term persistence, and to establish command and control for data exfiltration and, finally, ransomware deployment.