AbleToTrain by Willing & Able

How to check if you were the target of a ransomware attack

Ransomware in figures

  • The average loss in ransomware attacks is $2,500 per incident.

  • 71% of ransomware attacks target small and medium-sized companies.

  • The downtime caused by ransomware infections costs an average of $64,000.

  • In 2018, ransomware attacks increased by 12% compared to the previous year.

  • 98% of ransoms were paid in bitcoin.

How does a ransomware attack work?

Typically, ransomware infects computers through phishing emails, by compromising remote desktop services exposed to the Internet, or by exploiting flaws in data storage devices.

Most ransomware attacks use their own encryption algorithms to encrypt data (documents or media files) on the device.

What are the signs that you’ve been infected?

Once the files have been encrypted, the attacker always leaves a message on the infected machine in text, picture, or HTML format with instructions on how to pay the ransom.

Methods by which you can detect if a system has been infected with ransomware

A few years ago, a ransomware attack would normally lock the screen and deactivate the Task Manager without encrypting the data. Contemporary attacks have become far more complex.

Their features include the ability to spread across the network to other machines. Furthermore, some ransomware variants keep the file names intact, making them even more difficult to detect.

Here are some details that could aid you in detecting the ransomware infection:


Check the file extension

Exhaustive lists (available from trustworthy sources) of the file extensions used by attackers can be used to detect the presence of ransomware on a system.


Watch out for file renames

If you see an unusually high number of file renames on your system, it might be a symptom of a ransomware attack.
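
The extension check and the rename-volume check described above can be combined in one pass over file-rename events. The following is an added example, not part of the original article: the event format, process names, window, and threshold are assumptions, and the two extensions stand in for a maintained list from a trusted source.

```python
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Sample entries only; a real deployment loads a maintained, trusted list.
KNOWN_BAD_EXTENSIONS = {".locky", ".wncry"}
WINDOW = timedelta(seconds=10)  # assumed sliding window
THRESHOLD = 5                   # assumed: renames per process per window

# Constructed events: "ISO timestamp|process|old path|new path", sorted by time.
SAMPLE_EVENTS = [
    "2024-01-01T09:00:00|backup.exe|C:\\data\\a.tmp|C:\\data\\a.bak",
    "2024-01-01T09:05:00|backup.exe|C:\\data\\b.tmp|C:\\data\\b.bak",
    "2024-01-01T10:00:00|proc_a.exe|C:\\docs\\plan.docx|C:\\docs\\plan.docx.locky",
] + [
    # Six renames in six seconds to an extension that is on no list.
    f"2024-01-01T11:00:0{i}|unknown.exe|C:\\docs\\f{i}.xlsx|C:\\docs\\f{i}.xlsx.q7z"
    for i in range(6)
]

def parse_event(line):
    """Split one constructed event line into (timestamp, process, old, new)."""
    ts, proc, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), proc, old, new

def detect(lines):
    """Return alerts as (kind, process, timestamp, detail) tuples."""
    alerts, recent, bursting = [], {}, set()
    for line in lines:
        ts, proc, _old, new = parse_event(line)
        # Check 1: the new name ends in a listed ransomware extension.
        if PureWindowsPath(new).suffix.lower() in KNOWN_BAD_EXTENSIONS:
            alerts.append(("bad_extension", proc, ts, new))
        # Check 2: too many renames by one process inside the window.
        window = recent.setdefault(proc, deque())
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        if len(window) >= THRESHOLD:
            if proc not in bursting:  # alert once per burst, not per file
                bursting.add(proc)
                secs = int(WINDOW.total_seconds())
                alerts.append(("rename_burst", proc, ts, f"{len(window)} renames in {secs}s"))
        else:
            bursting.discard(proc)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The burst check fires on `unknown.exe` even though its extension is on no list, while the slow renames by `backup.exe` stay below the threshold. Neither check sees a variant that leaves file names intact.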


Use a dummy net

Another method for detecting ransomware infections is to deploy a decoy network, separate from the organization’s infrastructure, as an alarm mechanism and a means of delaying such attacks.

It is critical that this decoy network comprises slow devices and a large number of small files that are not in any particular sequence, in order to slow down the encryption process as much as possible.


Update the endpoint antivirus regularly

As attacks have grown more sophisticated, the technology underpinning antivirus applications has advanced at a rapid pace. It is critical to use an antivirus that can identify and guard against ransomware attacks, and to keep it up to date.


Use a firewall that gives you visibility across the network

Network visibility is the most crucial requirement for system administrators and is critical for identifying ransomware attacks.

The next-generation Fortinet firewall gives you total insight into the network, applications, and resources that the organization’s IT systems access.

This firewall, FortiGate, along with endpoint protection provided by FortiClient, provides a comprehensive defense against sophisticated ransomware attacks.