This post is also available in: heעברית (Hebrew)

Whether an employee accidentally opened a malicious email, or a security flaw was utilized, ransomware is reported on constantly by companies, organizations and individuals effected. But what really happens when you find yourself as a victim of a ransomware attack? Ransomware attacks work in 5 stages:

Stage 1: Infection

The download and execution of a fully-functioning, malicious software that spreads laterally through the network to infect as many systems as possible. The system that was initially compromised could be viewed as patient zero who brought the disease of malware into the network and allowed it to spread.

Step 2: Staging

Once the malware payload has spread, it will begin to modify the operating system to ensure persistence. Assuming the endpoint and network detection tools don’t find the activity, you may see seemingly benign increases in network traffic and attempts to access websites and systems on the internet that are not commonly accessed.

Step 3: Scanning

Some ransomware will scan for specific file types to encrypt while others will focus on the storage arrays taking a wider brush to data discovery. Still others will scan for open ports and vulnerabilities that can be exploited as part of a more direct action.

Step 4: Encryption

Once the ransomware has spread as far as it can or a specified amount of time has passed, the process to encrypt files will begin. As the encryption process is happening, attackers may also begin to exfiltrate data to request multiple ransoms.

Step 5: Extortion

Once you have lost access to your data, the attackers will provide a ransom note which will explain that your data is being held hostage and provide the amount and method of payment (usually cryptocurrency) as well as a time limit for the payment. The note will also outline what will happen to the encrypted data if the ransom isn’t paid

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th

Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!