Know the 5 stages of a ransomware attack

Of all the malware circulating in cyberspace, ransomware attacks are the most profitable for cyber criminals and have thus become commonplace. Cyber experts say it’s not a matter of if but when a company like yours will be hit.

Knowing the stages of a ransomware attack can help you recognise the indicators and defend yourself more easily against one, or at least lessen its effect.

Let’s have a look at the five stages, and where the ransomware can be intercepted.

Stage 1: Infection

Phishing emails and exploit kits are common routes to gaining entry to a computer network. With phishing, attackers rely on you to click on an executable file that will infect your computer and gain access to the network. With exploit kits, attackers without much technical know-how can use automated threats to scan for vulnerable browser-based apps, divert web traffic and run the ransomware.

Stage 2: Installation and execution

During this phase, the ransomware needs to install itself on your system and identify vulnerable files. If the ransomware has arrived by email, it needs you to activate it by clicking on it.

Note: If you have cyber security in place, it’ll likely disrupt the process at either Stage 1 or Stage 2.

Stage 3: Backup hijacking

If the ransomware isn’t intercepted, it first hijacks your backup process and removes the backup files and folders. This doesn’t matter too much if you have automated backup in place, as your files will all be safely stored on a remote backup server.

Stage 4: Encryption

Once your backups have been removed, the ransomware encrypts your vulnerable or most valuable files. Paying the ransom is supposed to “unlock and decrypt” your data, but according to The State of Ransomware 2021 survey, recent attacks show that only 8% of victims who paid the ransom got their data back!

Stage 5: Notification and cleanup

With the backup files removed and the encryption complete, the instructions for the ransom demand are sent.

Sometimes you’re given a few days to pay before the ransom goes up. If you have automated backup in place, you have the choice of paying the ransom and possibly not getting your data back, or using your trusted backup to restore your system and return to normal.
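
The order of Stage 3 and Stage 4 (backups removed first, files encrypted next) gives defenders a sequence to watch for. The sketch below is an added example, not part of the original article: it reads a constructed event list and reports which stage each host appears to have reached. The event kinds, host names, window and burst threshold are all assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample events (time in seconds, host, kind). The event kinds
# "backup_deleted" and "file_rewritten" are hypothetical names for whatever
# your backup agent and file-audit logs actually emit.
SAMPLE_EVENTS = [
    (100, "ws-01", "file_rewritten"),
    (200, "ws-02", "backup_deleted"),
    (230, "ws-02", "file_rewritten"),
    (231, "ws-02", "file_rewritten"),
    (233, "ws-02", "file_rewritten"),
    (234, "ws-02", "file_rewritten"),
    (236, "ws-02", "file_rewritten"),
    (300, "ws-03", "backup_deleted"),   # e.g. an admin pruning old backups
    (5000, "ws-03", "file_rewritten"),  # far outside the window
]


def stage_reached(events, window=600, burst=5):
    """Map each host to the furthest stage its events suggest.

    3 = backup files removed (Stage 3: backup hijacking)
    4 = removal followed within `window` seconds by at least `burst`
        file rewrites (Stage 4: encryption)
    Hosts with no backup removal are not reported.
    """
    per_host = defaultdict(list)
    for ts, host, kind in sorted(events):
        per_host[host].append((ts, kind))

    result = {}
    for host, evs in per_host.items():
        deletions = [ts for ts, kind in evs if kind == "backup_deleted"]
        if not deletions:
            continue
        rewrites = [ts for ts, kind in evs if kind == "file_rewritten"]
        result[host] = 3  # backup removal alone is already worth an alert
        for d in deletions:
            if sum(1 for r in rewrites if d <= r <= d + window) >= burst:
                result[host] = 4
                break
    return result


if __name__ == "__main__":
    for host, stage in sorted(stage_reached(SAMPLE_EVENTS).items()):
        print(f"{host}: reached stage {stage}")
```

A Stage 3 result on its own is the earlier and cheaper point to respond, since no files have been encrypted yet.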
