Anatomy of a Ransomware Attack
July 22, 2019

Ransomware is on the rise. Recent research from Malwarebytes found that ransomware targeting businesses has increased by 195% compared to the last few months of 2018.

For hackers, ransomware remains a lucrative business. The average cost of a ransomware demand has now doubled to $36,295 according to new research from Coveware. As long as ransomware remains profitable, hackers will continue to target organizations with these attacks.

Source: ZDNet

How a Ransomware Attack Works

Ransomware is constantly evolving to outmanoeuvre advances in cybersecurity technologies. It helps to understand how a ransomware attack works in order to take precautions to help protect against these attacks. While each ransomware strain is different, they typically follow a general set of steps to infect computers.

1. Find an entry point: To start the infection process, the ransomware has to find a way into the target’s system. There are a variety of ways a hacker can spread ransomware, such as exploiting a vulnerability or sending a phishing email.  

2. Install the malware: Once the malicious file is opened, the system begins to install the ransomware. The ransomware then connects to the attacker’s Command and Control (C&C) server to receive the cryptographic keys.

3. Encryption: The ransomware starts to encrypt any files it can find after receiving the encryption key from the C&C server. Each original file is deleted from the machine and an encrypted file is left in its place. In order to decrypt the files, the user must have the decryption key that unlocks them.

4. Ransom demand: Unlike other malware or attacks that try to hide or evade detection, ransomware attacks want targets to know that their systems have been compromised. Attackers will notify victims of the attack once the encryption process is complete. A ransom demand will appear in every folder of the encrypted files, with directions on how to contact the hackers and how much payment (usually in bitcoin) they request. These ransom messages usually have a deadline for payment and will often threaten to delete files if they are not paid. Unfortunately, paying the ransom doesn’t always mean that the hackers will give victims the decryption keys, which is why there is no consensus on whether organizations should pay the ransom or not.
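Steps 3 and 4 leave a pattern that defenders can look for in file-activity telemetry: one process deletes originals, writes replacement files, and drops an identically named note into every folder it touches. The following is an added example, not part of the original article. The event format, the `.enc` suffix, the `READ_ME.txt` name and the rule that a replacement keeps the original name as a prefix are all assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample events (not from a real incident): (pid, operation, path)
SAMPLE_EVENTS = [
    (4120, "create", "/srv/share/finance/q1.xlsx.enc"),
    (4120, "delete", "/srv/share/finance/q1.xlsx"),
    (4120, "create", "/srv/share/finance/READ_ME.txt"),
    (4120, "create", "/srv/share/hr/staff.docx.enc"),
    (4120, "delete", "/srv/share/hr/staff.docx"),
    (4120, "create", "/srv/share/hr/READ_ME.txt"),
    (4120, "create", "/srv/share/legal/nda.pdf.enc"),
    (4120, "delete", "/srv/share/legal/nda.pdf"),
    (4120, "create", "/srv/share/legal/READ_ME.txt"),
    (977, "create", "/srv/share/hr/notes.txt"),   # ordinary user activity
    (977, "delete", "/srv/share/hr/old.tmp"),
]

def find_suspects(events, min_dirs=3):
    """Return {pid: {"note", "dirs", "replaced"}} for processes that drop one
    identically named file in >= min_dirs folders and also replace originals
    (delete X, create X.<suffix>) inside those folders."""
    created = defaultdict(lambda: defaultdict(set))  # pid -> basename -> folders
    made, gone = defaultdict(set), defaultdict(set)  # pid -> full paths
    for pid, op, path in events:
        p = PurePosixPath(path)
        if op == "create":
            created[pid][p.name].add(str(p.parent))
            made[pid].add(str(p))
        elif op == "delete":
            gone[pid].add(str(p))
    suspects = {}
    for pid, names in created.items():
        # Candidate note: the file name this process wrote into the most folders.
        note, dirs = max(names.items(), key=lambda kv: len(kv[1]))
        if len(dirs) < min_dirs:
            continue
        # Replaced original: a deleted path with a created sibling "path.<suffix>".
        replaced = sum(
            1 for d in gone[pid]
            if str(PurePosixPath(d).parent) in dirs
            and any(m.startswith(d + ".") for m in made[pid])
        )
        if replaced:
            suspects[pid] = {"note": note, "dirs": len(dirs), "replaced": replaced}
    return suspects

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

Requiring both signals together keeps a backup job or an installer that writes the same file name into many folders from being flagged on its own.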

What to Do If You’re Infected by Ransomware

Prevention and awareness are key to protecting against ransomware. However, mistakes can happen, and anyone can accidentally click on a malicious link. Here are some things to keep in mind if you find yourself facing a ransomware attack.

1. Isolate the infection: In order to stop the ransomware attack from spreading to other parts of your network, you need to isolate the infected machine. Disconnect the computer from the network to help prevent it from communicating with the C&C server.

2. Identify the ransomware: Identifying the type of ransomware infection can help with the removal process. The ransom demand will typically identify what kind of ransomware has been installed but you can also do some research online to determine what type of ransomware strain you’re facing. It’s important to note that even if you can remove the ransomware, lingering malware might still be present on the system. For your own safety, ensure your systems are wiped clean so that no remnants remain.

3. Hire a cybersecurity consultant: When you’re in a crisis it can help to have an expert on your side. A cybersecurity consultant can help guide you through the process of dealing with a ransomware attack. They can help you negotiate the ransom and give advice on what to do.

4. Try to recover files: If you have a good backup system that’s isolated from the main network, you might be able to restore your encrypted files from your backup system. If you are unable to do so, ensure that you protect your systems with security solutions and back up all your files so that you are prepared for any future disasters.
