What is it and how do hackers proceed during a ransomware attack ?

How a Ransomware attack works and risks to victims' data

Cybercrime has become a permanent threat to businesses and organizations. It is no longer a question of whether you will be attacked, but when.

Ransomware is a type of malware that blocks access to data by encrypting or locking it until a ransom is paid to unlock it.

Hackers target all types of organizations, including the private sector, local communities and government agencies.

Stage 1: Infecting the organization

One of the main ways to get infected is through infected links or attachments in emails (often sent by scammers). Users may also be tricked into downloading them by visiting application or software download sites or by clicking on pop-up ads.

Step 2: data encryption

The time it takes to encrypt files largely depends on the encryption method chosen. The encryption operation is slow. It can go unnoticed until it's too late, especially if the cybercriminals launched the ransomware attack outside of business hours, such as at night or on weekends. The ciphers used are almost impossible to break.

Step 3: data theft

Very often, attackers choose in addition to encryption, to steal as much sensitive data as possible. By threatening victims to post sensitive data online, attackers can force them to pay rather than restore from backups.

Step 4: analysis of stolen data

Recently, attackers in addition to stealing data and encrypting data analyze the stolen content. The objective is to extort the victims by threatening them, for example, to resell confidential information to competitors, to transmit accounting information to the tax authorities, to inform of a possible agreement between competitors, etc.