Ransomware is one of the most menacing types of malware you can experience. Unlike other types of malware that only inconvenience you, ransomware renders your computer completely unusable. You are then forced to pay the ransom if you ever want to use your computer again.

Ransomware has evolved throughout the years from single-device attacks to full network attacks. It began with malicious email attachments, and surprisingly, in 2022, email is still the most common way that hackers get into your system.

How does ransomware work?

The scam goes something like this…

Ransomware hackers today are looking for big payouts, and they’ve figured out a way to get them called big game hunting. Big game hunting means the ransomware hackers single out specific senior-level executives, as well as anyone who has administrative access, as the people to infect.

Once they’ve identified their victims, the ransomware hackers will send each one of them an email with an attachment. They’ll disguise this email to look like it’s internal or from some other legitimate sender so as not to arouse suspicion. The email will instruct the senior executive to open the file or click the link. The email will carry either a Microsoft document that has a malicious macro or a link that takes you to a malicious download. Once the document is opened or the link is clicked, the user inadvertently downloads the malware and provides access to the ransomware hacker.
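The two traits of the email described above, a sender disguised as internal and an Office attachment carrying a macro, can be checked mechanically before a message reaches an inbox. The following Python is an added example, not part of the original article; `example.com` as the internal domain, the comparison against `Return-Path`, and the constructed sample message are all assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: your organization's mail domain

def has_vba_macro(data: bytes) -> bool:
    """True if data is an OOXML (zip-based) Office file carrying a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a header, '' if the header is absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message deserves a second look."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Assumes the mail gateway records the envelope sender in Return-Path.
    if (domain_of(msg["From"]) == INTERNAL_DOMAIN
            and domain_of(msg["Return-Path"]) != INTERNAL_DOMAIN):
        reasons.append("From is internal but Return-Path is external")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if has_vba_macro(part.get_payload(decode=True) or b""):
            reasons.append(f"attachment {name} contains a VBA macro project")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample message; the 'document' is a stub zip, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"stub")
    msg = EmailMessage()
    msg["From"] = "CEO Office <ceo@example.com>"
    msg["Return-Path"] = "<bounce@mailer.invalid>"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
```

The macro check covers only the zip-based Office formats (.docx, .docm, .xlsm and similar); legacy binary .doc and .xls files need an OLE parser and are not inspected here.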

Now that the ransomware hacker is on one computer, they use phishing and other malicious techniques to obtain administrator-level access to the network. Once administrator-level access is achieved, the ransomware hacker can download, exfiltrate, and encrypt any files on the network. Once the hacker has located the data, the ransomware is deployed. The network is completely locked down, and a ransom note appears on each of the screens.

From there, you have to decide if it’s worth the money to get your data back.

Conclusion: Beware of suspicious emails

Don’t open any suspicious emails or attachments from unknown sources. Remember, email is the most common way for ransomware to be downloaded. All in all, practicing good cyber security will help you avoid ransomware attacks. The best practice is to avoid clicking on anything in an email before verifying its legitimacy.

Back up your data regularly so that if your computer does get infected with ransomware, you can easily restore your data from a backup copy stored somewhere else. And make sure that any backups are stored in an offline location — preferably off-site — so they aren’t accessible to cybercriminals who might try to encrypt them as well.
