The Anatomy of an Attack
After a victim’s computer is infected, the crypto-ransomware installs itself, and sets keys in the Windows Registry to start automatically every time your computer boots up.
- Contacting Headquarters
Before crypto-ransomware can attack you, it contacts a server operated by the criminal gang that owns it.
- Handshake and Keys
The ransomware client and server identify each other through a carefully arranged “handshake,” and the server generates two cryptographic keys. One key is kept on your computer, the second key is stored securely on the criminals’ server.
With the cryptographic keys established, the ransomware on your computer starts encrypting every file it finds with any of dozens of common file extensions, from Microsoft Office documents to .JPG images and more.
The ransomware displays a screen giving you a time limit to pay up before the criminals destroy the key to decrypt your files. The typical price, $300 to $500, must be paid in untraceable bitcoins or other electronic payments.
Get a FREE Security Assessment Now!