How does ransomware encrypt files?



The very word strikes fear in the hearts and minds of CEOs, CSOs and IT security managers alike. Much of that trepidation comes from the fact that the word is usually mentioned only after an attack has struck. Most of the time, companies do not even consider protecting their systems from a ransomware attack until it is too late. A reactive approach to ransomware has time and again proven to be a case of "too little, too late". Yet no one seems to have learned, and the same mistakes in preventing and handling these attacks are still being made.


There are those within the IT security community who believe that one of the reasons ransomware has become so prevalent is a lack of general knowledge about how it spreads and what it does. Sure, people know roughly that such an attack is usually characterized by a file being locked up, followed by a ransom note from the attacker, but not much else.

Ransomware attacks are, in essence, Trojans or worms. They usually make their way into company systems as a result of a phishing campaign laid out by the attackers. The Trojan or worm is embedded in a downloadable file. Once an unsuspecting employee (and this can include C-level executives as well) opens the phishing email and downloads the file, the Trojan or worm is let loose within the company system. Depending on how it is programmed or controlled, the attack can be executed at the endpoint, immediate system, wider network, or server level.

The worm will then burrow into the system, locking up a file immediately or, just as likely, sitting and waiting until the day it is activated by the cybercriminal. Once the worm has latched on to a file, folder or drive, it encrypts the file with a password, oftentimes changing the filename in the process to make it even harder to find within the company's network.

As if this wasn't bad enough, some ransomware attacks start by encrypting a file, then go through the entire network deleting every copy of that file, bringing the maliciousness of the act to a whole new level.
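The two symptoms described above, files renamed with an unfamiliar trailing suffix and file contents that suddenly look like random ciphertext, are something a defender can check for on a file share. The following scanner is an added example written for this page; it is not code from the article or from Amazing Support. The extension lists, the entropy threshold, and the sample file names (such as budget.xlsx.locked) are assumptions constructed for the demonstration.

```python
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Assumed policy for this example: plaintext formats whose bytes should never look random.
PLAINTEXT_EXTENSIONS = {".txt", ".csv", ".log", ".md"}
# Assumed list of document formats a user is expected to keep on a share.
DOCUMENT_EXTENSIONS = PLAINTEXT_EXTENSIONS | {".docx", ".xlsx", ".pdf"}
ENTROPY_THRESHOLD = 7.2  # bits per byte; ciphertext sits close to 8.0, English text near 4 to 5
SAMPLE_BYTES = 65536     # only the first chunk of each file is examined, keeping large shares cheap to scan


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def suspicious_rename(path) -> bool:
    """A known document extension buried under an unfamiliar trailing suffix,
    e.g. report.docx.locked (constructed name), is the renaming the article describes."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    if len(suffixes) < 2 or suffixes[-1] in DOCUMENT_EXTENSIONS:
        return False
    return any(s in DOCUMENT_EXTENSIONS for s in suffixes[:-1])


def scan_tree(root) -> list:
    """Walk `root` and return one finding per file showing either symptom."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            entropy = shannon_entropy(head)
            reasons = []
            if suspicious_rename(path):
                reasons.append("renamed")
            # Entropy alone is not a verdict: zip-based .docx and .pdf are legitimately dense,
            # so the entropy rule only fires on formats that should be plain text, or alongside a rename.
            if entropy >= ENTROPY_THRESHOLD and (path.suffix.lower() in PLAINTEXT_EXTENSIONS or reasons):
                reasons.append("high_entropy")
            if reasons:
                findings.append({"path": str(path), "entropy": round(entropy, 2), "reasons": reasons})
    return findings


def build_demo_tree() -> str:
    """Create a constructed sample share: intact documents plus one renamed, random-looking file."""
    root = tempfile.mkdtemp(prefix="share-")
    (Path(root) / "notes.txt").write_text("quarterly figures, nothing unusual here\n" * 200)
    (Path(root) / "policy.pdf").write_bytes(b"%PDF-1.4\n" + b"plain body " * 300)
    # Deterministic pseudo-random bytes stand in for ciphertext (constructed, not real ransomware output).
    (Path(root) / "budget.xlsx.locked").write_bytes(random.Random(1234).randbytes(4096))
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_demo_tree()):
        print(finding)
```

Run on the constructed share, only budget.xlsx.locked is reported, with both reasons. The check is a heuristic, not proof of infection: compressed archives and already-encrypted containers are legitimately high-entropy, which is why the entropy rule is restricted to plaintext formats unless a rename is also present. Scheduled against a file share and compared with the previous run, a sudden jump in findings is an early signal worth investigating alongside the email filtering and backup controls discussed below.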

With this knowledge in mind, companies, CSOs and IT security teams can map out how to deal with and, more importantly, how to prevent ransomware attacks from crippling their businesses. The situation brings to mind an idea from the world of martial arts: if you do not want to get hit, give them nothing to attack. In practice, this means email filtering and handling protocols, together with download policies, should be implemented and strictly adhered to, without exceptions. In general, no one likes doing backups. They are tedious and often boring tasks, but think of them as your digital insurance policy. With a backup of your files safely tucked away in a separate, unconnected location, there is nothing that ransomware attackers can hold over you and your company's collective heads.


Article provided by David Share from Amazing Support.

June 9, 2017


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023