Of all the malware circulating in cyberspace, ransomware attacks are the most profitable for cyber criminals and have thus become commonplace. Cyber experts say it’s not a matter of if but when a company like yours will be hit.
Knowing the stages of a ransomware attack can help you recognise the indicators and defend yourself more easily against – or at least lessen the effect – of one.
Let’s have a look at the five stages, and where the ransomware can be intercepted.
Stage 1: Infection
Phishing emails and exploit kits are common routes to gaining entry to a computer network. With phishing, attackers rely on you to click on an executable file that will infect your computer and gain access to the network. With exploit kits, attackers without much technical know-how can use automated threats to scan for vulnerable browser-based apps, divert web traffic and run the ransomware.
Stage 2: Installation and execution
During this phase, the ransomware needs to install itself on your system and identify vulnerable files. If the ransomware has arrived by email, it needs you to activate it, by clicking on it.
Note: With cyber security in place, it’ll likely disrupt the process at either Stage 1 or Stage 2.
Stage 3: Backup hijacking
If the ransomware isn’t intercepted it first hijacks your backup process and removes the backup files and folders. This doesn’t matter too much if you have automated backup in place as your files will all be safely stored on a remote backup server.
Stage 4: Encryption
Once your backups have been removed, the ransomware encrypts your vulnerable or most valuable files. The ransom demand is supposed to “unlock and decrypt” your data, but according to The State of Ransomware 2021 survey recent attacks show that only 8% got their data back when the victims paid the ransom!
Stage 5: Notification and cleanup
With the backup files removed and the encryption complete, the demand instructions for the ransom demand are sent.
Sometimes you’re given a few days to pay before the ransom goes up. If you have automated backup in place, you have the choice of paying the ransom and possibly not getting your data back, or using your trusted backup to restore your system and return to normal.
Do you have proper data protection in place?
New all-in-one cyber security and backup product gives more peace of mind