File-encrypting ransomware attacks can take months of planning by gangs. Here's what to look out for.
There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware.
So what are the early indicators for companies that are trying to spot a ransomware attack before they cause too much damage? Any what should they do if they discover an attack in progress?
Encryption of files by ransomware is the last thing that happens; before that, the crooks will spend weeks, or longer, investigating the network to discover weaknesses. One of the most common routes for ransomware gangs to make their way into corporate networks is via Remote Desktop Protocol (RDP) links left open to the internet.
Image credit: Threat post