How does a ransomware attack happen?

The two main ways a ransomware attack can occur are through an email with a malicious attachment, or through a visit to a compromised website (often a legitimate, mainstream one).

Malicious email

Today’s criminals craft emails that are indistinguishable from genuine ones: grammatically correct, free of spelling mistakes, and often written in a way that is relevant to you and your business. Sometimes such an email may arrive in your personal email account (Gmail, Hotmail or Yahoo), which you are checking during your break time.

When opened, the attached zip file appears to contain an ordinary .txt file. However, when the file is executed, the ransomware is downloaded and installed on your computer.

Malicious websites

Another common way to get infected is by visiting a legitimate website that has been compromised. Even popular, mainstream websites can be temporarily compromised. You browse to the hacked website and click on an innocent-looking link, hover over an ad or, in many cases, just look at the page. That is enough to download the ransomware file onto your computer and run it, often with no visible sign until after the damage is done.


What happens next?

After initial exposure via an email or website, the ransomware takes further action:
  • It contacts the attacker’s server, sending information about the infected computer.
  • Specific file types such as Office documents, database files, PDFs, etc., are encrypted on your computer and all accessible network drives.
  • A message appears on the desktop explaining how the ransom can be paid within a specific time frame.
  • Automatic backups of the Windows operating system (shadow copies) are frequently deleted to prevent data recovery.
  • Finally, the ransomware deletes itself, leaving the encrypted files and ransom note behind.

I’m Infected, Now What?

Once you have determined you have been infected with ransomware, it is imperative to take action immediately:

Disconnect:

  1. Immediately disconnect the infected computer from any network it is on.
  2. Turn off any wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB drives or external hard drives. Do not erase anything or “clean up” any files or antivirus. This is important for later steps. Simply unplug the computer from the network and any other storage devices.

Contact Service Desk:

  1. Call Service Desk at 416-408-7133 or send an email from another computer to support@diabetes.ca.
  2. Service Desk will have to scan all the computers at your location to make sure other computers are not infected.
  3. Files will be restored from backup.