How Ransomware Works
Follow the typical ransomware chain from entry point to encryption and extortion.
Infiltration
- Ransomware often infiltrates your system through phishing emails, infected websites, or unsecured networks.
- Example: You receive an email claiming to be from your HR department with an attached "important document." Opening the attachment triggers the ransomware.
Encryption
- Once installed, ransomware encrypts your files, locking you out of your own data. It may target documents, images, and even backup files.
- Example: All your Word documents and family photos are replaced with files showing the extension .encrypted.
Ransom Demand
- A ransom note appears on your screen, instructing you to pay in cryptocurrency (e.g., Bitcoin) to regain access. The attackers often impose deadlines to increase pressure.
- Example: The note reads, “Pay $300 within 72 hours or your files will be permanently deleted.”
Key Takeaways
- Phishing attachments and malicious links are common entry points.
- Ransomware may spread before the ransom note appears.
- Fast isolation can limit damage.
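To make the Encryption step and the fast-isolation takeaway concrete from a defender's side, the following added example (not part of the original page) flags a burst of files of different types being renamed to one new extension, such as .encrypted, within a short window. The event format (time, old path, new path), the function name, the thresholds, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Constructed sample: (unix_time, old_path, new_path) file-rename events,
# as a file-audit or EDR feed might report them (this format is an assumption).
SAMPLE_EVENTS = [
    (1000, "/home/a/notes.txt", "/home/a/notes-old.txt"),      # benign rename
    (1010, "/home/a/cv.docx", "/home/a/cv.docx.encrypted"),
    (1011, "/home/a/budget.xlsx", "/home/a/budget.xlsx.encrypted"),
    (1012, "/home/a/pic1.jpg", "/home/a/pic1.encrypted"),
    (1013, "/home/a/pic2.jpg", "/home/a/pic2.encrypted"),
    (1014, "/home/a/backup.zip", "/home/a/backup.zip.encrypted"),
    (5000, "/home/a/draft.doc", "/home/a/draft.docx"),          # benign, isolated
]

def detect_rename_bursts(events, window=60, threshold=5):
    """Return one alert per extension that `threshold` or more files of at
    least two original types were renamed to within `window` seconds."""
    recent = defaultdict(deque)   # new extension -> deque of (time, old_path)
    alerts = {}
    for ts, old, new in sorted(events):
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        if not new_ext or new_ext == old_ext:
            continue              # extension unchanged: not the pattern we want
        q = recent[new_ext]
        q.append((ts, old))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        original_types = {PurePosixPath(p).suffix.lower() for _, p in q}
        # Many files of different types converging on one extension is the signal.
        if len(q) >= threshold and len(original_types) >= 2 and new_ext not in alerts:
            alerts[new_ext] = {"extension": new_ext, "first_seen": q[0][0],
                               "files": [p for _, p in q]}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {len(alert['files'])} files renamed to "
              f"*{alert['extension']} starting at t={alert['first_seen']}; "
              "isolate the host")
```

An alert like this can fire while encryption is still in progress, before any ransom note is shown, which is the point at which isolating the machine limits the damage.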
Practice Exercise
Review a recent suspicious email and identify the clues that made it risky.