How Ransomware Encrypts Files
In a worst-case scenario, ransomware attacks can keep an organization offline for months. During that time, it cannot deliver the services its employees were hired to provide, and therefore can’t make money. And if customers can’t find or access its products and services, they may move to competitors.
Once ransomware has wormed its way into a victim’s system, it can do many things, but by far the most common is encrypting files. As the Infosec Institute explains, this involves accessing files, encrypting them using an attacker-controlled key, and replacing the originals with encrypted versions. Then, the malware presents a message demanding payment in an untraceable cryptocurrency like Bitcoin.
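As an added example (not from the original article or the Infosec Institute), the replace-with-ciphertext step described above is something defenders can watch for: encrypted data has near-maximal byte entropy, so many files jumping from low to high entropy between two snapshots is a strong signal. The function names, thresholds and sample bytes are assumptions constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, roughly 4-5 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(files: dict) -> dict:
    """Map each file name to the entropy of its current content."""
    return {name: shannon_entropy(body) for name, body in files.items()}

def suspicious_rewrites(before: dict, after: dict, high=7.5, jump=2.0) -> list:
    """Files that existed before and whose entropy rose by `jump` to at least `high`.
    Thresholds are illustrative assumptions, not tuned values."""
    return sorted(
        name for name, ent in after.items()
        if name in before and ent >= high and ent - before[name] >= jump
    )

def mass_encryption_suspected(before: dict, after: dict, ratio=0.5) -> bool:
    """Alert when at least `ratio` of the previously seen files were flagged."""
    if not before:
        return False
    return len(suspicious_rewrites(before, after)) / len(before) >= ratio

if __name__ == "__main__":
    # Constructed sample data. A uniform byte distribution stands in for
    # ciphertext and for already-compressed content (entropy exactly 8.0).
    uniform = bytes(range(256)) * 16
    text_a = b"Invoice 2024-03: total due 1,250.00 EUR\n" * 100
    text_b = b"Meeting notes: review backup schedule on Friday\n" * 100
    before = snapshot({"invoice.txt": text_a, "notes.txt": text_b, "photos.zip": uniform})
    # Two documents replaced by high-entropy data; the archive is unchanged.
    after = snapshot({"invoice.txt": uniform, "notes.txt": uniform, "photos.zip": uniform})
    print(suspicious_rewrites(before, after))        # ['invoice.txt', 'notes.txt']
    print(mass_encryption_suspected(before, after))  # True
    # An ordinary text edit does not trip the check.
    edited = snapshot({"invoice.txt": text_a, "notes.txt": text_b + b"done\n", "photos.zip": uniform})
    print(mass_encryption_suspected(before, edited))  # False
```

Files that were already compressed or encrypted stay high-entropy either way, so this check works as a tripwire alongside backups rather than a replacement for them.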
Cybercriminals have evolved their attacks over the years, from classic ransomware that simply overlaid a warning on a user’s display to more sophisticated ransomware variants that truly lock down a PC and its files. They have also developed techniques that hijack the processing power of a victim’s computer to generate cryptocurrency, a task that requires a lot of computing power.
Some tools can help decrypt files after an attack, but they require a fair amount of technical knowledge and only work for specific ransomware families. The best defence against these threats is an ongoing commitment to automated, protected backups of all data. This will allow you to recover quickly from an attack without losing any valuable information and to avoid paying a ransom to recover your data. It’s also important to report any ransomware incidents to law enforcement, as this can help researchers develop decryptors for new variants.