5 Phases of Ransomware Attacks

March 20, 2017

Ransomware is one of the most sinister threats out there for organizations because it is the most profitable type of malware attack. Once a cybercriminal hacks into a company’s files and encrypts them, organizations have little option but to pay the asking price for the code to decrypt and regain their original files. Understanding each phase of ransomware attacks can help you indicate what to look for and help mitigate the effects of attacks. There are five phases a ransomware attack goes through from the time it is installed on your computer to the “warning” on your screen. Experts recommend understanding each of the given phases of ransomware attacks, which are as follows:

Phase 1: Exploitation and Infection

Malicious ransomware needs to be installed on a computer to be successful. This is often completed through a phishing email or an exploit kit. An exploit kit is a malicious toolkit used to exploit security holes in software applications.

Phase 2: Delivery and Execution

Once exploitation is complete, typically within a few seconds, the delivery of the actual ransomware is delivered to the victim’s system.

Phase 3: Backup Spoliation

In phase three, the ransomware Trojan targets and deletes the company’s backup files. This is especially dangerous because without backup files victims have no way to recover from the attack.

Phase 4: File Encryption

Once the backups are compromised, ransomware performs a secure key exchange with the command and control (C2) server, on the local system. The encryption keys will be used to unlock the files once the victim pays the ransom demand.

Phase 5: User Notification and Cleanup

Now that the backup files are removed and the encryption is complete, instructions for extortion and payment are demanded. Generally, a company will be given a few days to pay the ransom before the cybercriminals increase the payment amount.With ransomware evolving and becoming more popular, businesses need to consider an advanced threat protection approach. Contact the security professionals at EDCi for more information.Looking for more info on combating ransomware? Here is a great interactive infographic: A Network Manager's Guide To Ransomware

Meet the Author
Connect on LinkedIn

Hope you found our EDCi insights interesting and informative.

If you did, why not subscribe for more related content? Don't miss out on the latest updates and exclusive insights!
Thanks for joining EDCi's insights.
Oops! Something went wrong while submitting the form.