How Ransomware Works (and How to Respond to Threats)


According to a recent study, nearly half of all businesses have been the target of a ransomware attack.

Whether you’ve just been hit with a cyber attack and are trying to figure out what to do, or if you’re going the preventative route, we’re here to help.


We’ve created this article to help you understand how ransomware works and what you can do if you’re under attack.

How Ransomware Works: The 101

First things first, let’s talk figures: the average ransom is about $679, more than double what it was in 2015. While this might not seem like a lot to big businesses, keep in mind that these days ransomware targets individuals as well as large organizations.

Ransomware starts with malware installing itself and taking over your computer.

This is a common hacking scenario, but ransomware is different: those who install it want the user to know it’s there.

Instead of silently stealing your information, locking access to your files, or even electronically controlling the physical entrances and exits to your building, ransomware makes its demands known.

Basically, ransomware will deliver an electronic “ransom note” across a variety of your devices. If you don’t pay, you lose access, or worse: your private data will be sent to everyone in your contacts list. (This is a process known as “doxing.”)

How Ransomware Works: Once You’re Infected

Of course, as anti-virus software and other protective forms of cyber-security get stronger and stronger, those who employ ransomware have to get more creative.

This means that ransomers can now spread the malware across multiple desktops, so it’s not just a single computer that’s infected, but those of the entire company.

There are hundreds of different ransomware strains, and many are based on code that’s available to everyone. And the options for “payment” are also getting more disturbing.

Recently, a ransomware program gave users the option to infect other desktops and users instead of paying the ransom themselves.

Ransomware works by exploiting the insecurity, both personal and financial, of those it infects.

You Know How Ransomware Works: Here’s What To Do If You’ve Been Targeted

If your data is being held hostage, we know it can feel overwhelming and even make you feel violated.

First, know that the vast majority of ransomware attacks happen when someone at your office is doing personal work or using personal accounts on company networks and computers. Look into site monitoring to prevent this.

As a preventative measure, encourage your employees to check their email on the data plans of their cellphones. At least instruct them not to go through their spam folders while at work, and certainly tell them not to open any unverified emails.

Also tell everyone to avoid clicking on untrusted or unfamiliar links.

Know, though, that how you respond largely depends on the size of your business and the amount of revenue you can afford to lose. Sometimes, if you’re a huge company, it may actually be more financially prudent to pay the hackers than to lose a few days of business while your system is down.

We know: it’s incredibly frustrating.

But there are other options as well.

  • Step 1: Notify The Authorities: This will help you to figure out the recovery time and recovery objective if your data has been breached or compromised. If you have a backup of your data, make sure you pass it on to your regulatory team, so they can possibly find the source of the attackers.
  • Step 2: Find a Vendor Solution: If you don’t have a regulatory body in place to deal with cyber attacks, quickly look for a vendor solution, such as a tool for decryption.
  • Step 3: Make Sure Your Data Isn’t Being Further Compromised: If your vendor or regulators are able to solve the problem, great! But don’t forget that this doesn’t always mean you’re home free just yet. Sometimes, inactive ransomware or malware is still in your system. Do a thorough sweep to make sure.
  • Step 4: Try To Recover Your Data: If possible, look into restoring your data to the last possible safe point. (This is why having a system backup plan in place before something happens is so crucial.) If full recovery isn’t possible, look into shadow copies or the use of a file recovery tool. Be aware though, that some ransomware is even able to delete your file copies.
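
As an added example (not part of the original article), the Python sketch below scans process command-line logs for the built-in Windows commands that delete shadow copies or backup catalogs, so you know which machines cannot rely on shadow copies in Step 4. The log format, host names and sample lines are constructed for illustration, and the recovery labels are a simple heuristic.

```python
import re
from collections import defaultdict

# Built-in Windows commands that delete or disable local recovery data.
TAMPER_RULES = [
    ("shadow copies deleted (vssadmin)",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow copies deleted (wmic)",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("backup catalog deleted (wbadmin)",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("boot recovery disabled (bcdedit)",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

# Constructed sample: "timestamp|host|user|command line" (assumed export format).
SAMPLE_LOG = """\
2024-03-02T09:14:07Z|WS-014|jdoe|C:\\Windows\\System32\\vssadmin.exe list shadows
2024-03-02T09:41:55Z|WS-014|SYSTEM|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2024-03-02T09:41:58Z|WS-014|SYSTEM|bcdedit /set {default} recoveryenabled No
2024-03-02T09:43:10Z|FS-002|SYSTEM|wmic.exe shadowcopy delete
2024-03-02T10:02:31Z|WS-020|asmith|wbadmin get versions
malformed line without separators
"""

def find_recovery_tampering(log_text):
    """Return {host: [(timestamp, finding), ...]} for matching command lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:          # skip lines that do not fit the format
            continue
        timestamp, host, _user, cmdline = parts
        for finding, pattern in TAMPER_RULES:
            if pattern.search(cmdline):
                hits[host].append((timestamp, finding))
    return dict(hits)

def recovery_plan(log_text, all_hosts):
    """Heuristic: tampered hosts need an offline backup; others may keep shadow copies."""
    tampered = find_recovery_tampering(log_text)
    return {h: ("restore from offline backup" if h in tampered
                else "check shadow copies") for h in all_hosts}

if __name__ == "__main__":
    for host, events in find_recovery_tampering(SAMPLE_LOG).items():
        print(host, events)
```

Read-only queries such as "vssadmin list shadows" are deliberately not flagged, so routine administration does not drown out the deletions.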

What Are My Other Options If I’ve Been Infected?

Knowing how ransomware works can also mean knowing that you might have to accept that you’re going to lose the data caught up in the attack. As we mentioned earlier, sometimes gritting your teeth and paying the ransom is the most financially prudent thing to do.

Sometimes, you can also try to negotiate with your cyber attacker, though this will likely prove difficult if they’ve done a thorough job of concealing their identities.

You may also try a kind of hybrid approach, where you try to restore your backup system, look into paying the ransom, and also triage your system. Still, this is best left to larger companies who have the monetary resources to pull this off.

Also, a hybrid approach should only be handled by an experienced team.

However, it’s not all bad news: if your system is properly backed up, you’ll likely be able to restore your system fully and not even respond to the ransom demand.

If you don’t have a backup, but the ransom cost is still more than getting a new system, you’ll likely have to throw out your old system (we recommend destroying it) and purchase a new, uninfected one.

You Understand How Ransomware Works, And How To Respond

No matter what form of cyber attack you’ve been subjected to, we understand it can be a costly and emotional time for both individuals and companies.

To get more information about how to properly protect your data, learn about the services we offer that can help.

If you have more specific questions or need help right away, don’t hesitate to reach out to us for help.