Complete I.T. Blog

How do ransomware infections happen?

by | Nov 24, 2016 | Archived Articles

Though the infection phase is slightly different for each ransomware version, the key stages are the following:


Initially, the victim receives an email which includes a malicious link or a malware-laden attachment. Alternatively, the infection can originate from a malicious website that delivers a security exploit to create a backdoor on the victim’s PC by using a vulnerable software from the system.

If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC.

The downloader uses a list of domains or C&C servers controlled by cyber criminals to download the ransomware program on the system.

The contacted C&C server responds by sending back the requested data, in our case, the ransomware.

The ransomware starts to encrypt the entire hard disk content, personal files and sensitive information. Everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It can also encrypt data on other computers connected in the local network.

A warning pops up on the screen with instructions on how to pay for the decryption key.

To ensure your business is as safe as possible from ransomware attacks, take a look at this blog on How to Protect your Business from a Ransomware Attack

Call us on 01628 552 860 or email to book a meeting.

Get In Touch

Contact Us

Head Office 01628 243 057

Peterborough – 01733 731 367
Swindon – 01793 934 307
Oxford – 01865 800 008
Bristol – 01172 420 786
High Wycombe – 01628 243 057
London – 02078 462 332
Manchester – 01618 234 107
Birmingham –01214 610 315