5 Phases of Ransomware Attacks
Ransomware is one of the most sinister threats out there for organizations because it is the most profitable type of malware attack. Once a cybercriminal hacks into a company’s files and encrypts them, organizations have little option but to pay the asking price for the code to decrypt and regain their original files. Understanding each phase of ransomware attacks can help you indicate what to look for and help mitigate the effects of attacks. There are five phases a ransomware attack goes through from the time it is installed on your computer to the “warning” on your screen. Experts recommend understanding each of the given phases of ransomware attacks, which are as follows:
Phase 1: Exploitation and Infection
Malicious ransomware needs to be installed on a computer to be successful. This is often completed through a phishing email or an exploit kit. An exploit kit is a malicious toolkit used to exploit security holes in software applications.
Phase 2: Delivery and Execution
Once exploitation is complete, typically within a few seconds, the delivery of the actual ransomware is delivered to the victim’s system.
Phase 3: Backup Spoliation
In phase three, the ransomware Trojan targets and deletes the company’s backup files. This is especially dangerous because without backup files victims have no way to recover from the attack.
Phase 4: File Encryption
Once the backups are compromised, ransomware performs a secure key exchange with the command and control (C2) server, on the local system. The encryption keys will be used to unlock the files once the victim pays the ransom demand.
Phase 5: User Notification and Cleanup
Now that the backup files are removed and the encryption is complete, instructions for extortion and payment are demanded. Generally, a company will be given a few days to pay the ransom before the cybercriminals increase the payment amount.
With ransomware evolving and becoming more popular, businesses need to consider an advanced threat protection approach. Contact the security professionals at EDCi for more information.
Looking for more info on combating ransomware? Here is a great interactive infographic: A Network Manager’s Guide To Ransomware