Once in the system, ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password. In the first scenario, the ransomware shows a full-screen image or notification that prevents victims from using their system. The notification also shows instructions on how to pay the ransom. The second and most common type of ransomware locks documents, spreadsheets and other important files.
At this point, your files are encrypted and not available to you. Which files are affected depends on the file types the malware is built to target. The most common file types are pictures, documents, spreadsheets, Adobe PDF documents, and text documents. However, in the most destructive variants, this malware can also attack database files.
The malware is coded to attack the originally infected computer and any network share that is available to it. The most common entry point for this malware is a workstation. The workstation is typically attached to other computers or a server, and this is how the malware spreads.
Ransomware variants will encrypt the files on your computer, including desktop files, document folders and anything else stored locally. Once the malware spreads to other network resources, like a server, all of your files and important proprietary business data are at risk.
If this happens to your business, you have two choices:
- Restore from backup
- Pay the ransom
Without proper protection and a proactive approach to security, you will most likely encounter this ransomware. The best reaction once you are hit with this malware is to restore from a backup. If the infected files are included in your backup and your backup is working as expected, you should be able to recover. Keep in mind that most users store data on their desktop, and this is one location where files are not included in your backup. You should set up a policy that requires users to store data on the server.
Important company data should not be kept on a personal computer.
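One way to check the backup gap described above is to look for commonly targeted file types that sit outside the locations your backup covers. The script below is an added example, not part of the original article; the extension list, folder names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions standing in for the file types the article lists (pictures,
# documents, spreadsheets, PDF, text). The exact list is an assumption.
TARGET_EXTS = {".jpg", ".jpeg", ".png", ".doc", ".docx",
               ".xls", ".xlsx", ".pdf", ".txt"}

def find_unprotected(scan_root, backup_roots):
    """Return sorted relative paths of targeted-type files under scan_root
    that are not inside any directory listed in backup_roots."""
    scan_root = Path(scan_root).resolve()
    roots = [Path(r).resolve() for r in backup_roots]
    findings = []
    for dirpath, dirnames, filenames in os.walk(scan_root):
        here = Path(dirpath)
        if any(here == r or r in here.parents for r in roots):
            dirnames[:] = []  # covered by backup: do not descend further
            continue
        for name in filenames:
            if Path(name).suffix.lower() in TARGET_EXTS:
                findings.append((here / name).relative_to(scan_root).as_posix())
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout: one user profile with files on the Desktop
    and one server share that is assumed to be in the backup set."""
    files = ["users/alice/Desktop/budget.xlsx",
             "users/alice/Desktop/notes.txt",
             "users/alice/Desktop/app.lnk",      # not a targeted type
             "share/finance/q1.xlsx"]            # lives on the backed-up share
    for f in files:
        p = Path(base) / f
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample")
    return Path(base) / "share"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        share = build_sample_tree(tmp)
        for path in find_unprotected(tmp, [share]):
            print("not in backup:", path)
```

Run against real user profile folders with your actual backup paths as `backup_roots`, the output is the list of files that a restore would not bring back.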
If your backup is not current or is missing important data, you are faced with paying the ransom. The ransom process only works if you can pay the ransom to the hacker network that created the malware and receive the decryption for your files in return. The payment process is neither quick nor cheap. We know from experience. Read the details from that exchange HERE.