none

Though the infection phase is slightly different for each ransomware version, the key stages are the following:

Ransomware-infection

Initially, the victim receives an email which includes a malicious link or a malware-laden attachment. Alternatively, the infection can originate from a malicious website that delivers a security exploit to create a backdoor on the victim’s PC by using a vulnerable software from the system.

If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC.

The downloader uses a list of domains or C&C servers controlled by cyber criminals to download the ransomware program on the system.

The contacted C&C server responds by sending back the requested data, in our case, the ransomware.

The ransomware starts to encrypt the entire hard disk content, personal files and sensitive information. Everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It can also encrypt data on other computers connected in the local network.

A warning pops up on the screen with instructions on how to pay for the decryption key.

To ensure your business is as safe as possible from ransomware attacks, take a look at this blog on How to Protect your Business from a Ransomware Attack

Call us on 01628 552 860 or email enquiries@complete-it.co.uk to book a meeting.

Share this entry


Get In Touch
close slider

New Enquiry

Get In Touch

If you are an existing client to get support call us on:

01179 231133 (Bristol)
01628 552860 (High Wycombe)
0207 993 0010 (London)
01865 593012 (Oxford)
01733 362455 (Peterborough)
01793 688597 (Swindon)

Login to the portal