How does a Ransomware attack happen?
Malicious email
When opened, the zip file appears to contain an ordinary .txt file. However, when the file is executed, the ransomware is downloaded and installed on your computer.
Malicious websites
Another common way to get infected is by visiting a legitimate website that has been infected. Even popular, mainstream websites can be temporarily compromised. You browse to the hacked website and click on an innocent-looking link, hover over an ad or, in many cases, just look at the page. That is enough to download the ransomware file onto your computer and run it, often with no visible sign until after the damage is done.
What happens next?
- It contacts the attacker’s server, sending information about the infected computer.
- Specific file types such as Office documents, database files, PDFs, etc., are encrypted on your computer and all accessible network drives.
- A message appears on the desktop explaining how the ransom can be paid within a specific time frame.
- Automatic backups of the Windows operating system (shadow copies) are frequently deleted to prevent data recovery.
- Finally, the ransomware deletes itself leaving the encrypted files and ransom note behind.
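The file-encryption step in the list above leaves a checkable trace: a document that has lost its normal file signature and now reads as random bytes. The following is an added example, not part of the original page. It is a read-only triage check for that pattern, and the entropy threshold, function names and sample files in it are assumptions constructed for illustration.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes for the document types named in the list above.
ZIP, OLE2 = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {".pdf": b"%PDF-", ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
         ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune for your data

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """True if a known document type lost its signature and reads as random."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return False  # type not covered here (e.g. a file given a new extension)
    with path.open("rb") as fh:
        data = fh.read(sample_size)
    if data.startswith(magic):
        return False  # header intact; .docx is compressed, so entropy alone misleads
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def triage(root) -> list:
    """Sorted relative paths under root that look encrypted; files are only read."""
    root = Path(root)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and looks_encrypted(p))

def demo() -> list:
    """Write constructed sample files to a temp directory and triage them."""
    rng = random.Random(0)
    noise = bytes(rng.getrandbits(8) for _ in range(8192))  # stands in for ciphertext
    samples = {"report.pdf": b"%PDF-1.7\n" + b"text " * 500,   # healthy PDF
               "budget.xlsx": ZIP + noise,                     # healthy, compressed
               "notes.pdf": b"plain text, wrong extension\n" * 50,  # odd but not encrypted
               "invoice.pdf": noise,                           # looks encrypted
               "plan.doc": noise[::-1]}                        # looks encrypted
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            (Path(tmp) / name).write_bytes(body)
        return triage(tmp)
```

Calling `demo()` returns the two constructed files that look encrypted; `triage(path)` applies the same check to a real folder, preferably a copy or a read-only mount so the affected computer is left untouched.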
I’m Infected, Now What?
Disconnect:
- Immediately disconnect the infected computer from any network it is on.
- Turn off any wireless capabilities such as Wi-Fi or Bluetooth.
- Unplug any storage devices such as USB or external hard drives.
- Do not erase anything or “clean up” any files or antivirus. This is important for later steps. Simply unplug the computer from the network and any other storage devices.
Contact Service Desk:
- Call Service Desk at 416-408-7133 or send an email from another computer to [email protected]
- Service Desk will have to scan all the computers at your location to make sure other computers are not infected.
- Files will be restored from backup.