How it works?
A ransomware attack will go through five stages from the time it is installed on your computer, until you see the warning on your computer screen.
Step One:
INSTALLATION – After a victim’s computer is infected, the ransomware will installs itself, and sets keys in the Windows Registry to start automatically every time your computer boots up or restarts.
Step Two:
CONTACTING HEADQUARTERS – Before ransomware can affect you, it contacts a server operated by the criminal that owns it.
Step Three:
HANDSHAKE AND KEYS – The ransomware client and server identify each other through a carefully arranged “handshake”. After that is done, the server will generate two cryptographic keys. One of the keys is kept on your computer, the other key is stored securely on the server.
Step Four:
ENCRYPTION – With the cryptographic keys created, the ransomware on your computer starts encrypting each and every file it finds. It will find dozens of file extensions such as; Microsoft Office documents, .JPEG images and more.
Step Five:
EXTORTION – The ransomware will display a screen giving you a specific time limit to pay a set amount of money to the or the criminals will destroy the key to decrypt all your files. The typical price stated is usually between $300 and $500. You will told that you must pay with an untraceable method like bitcoins or other electronic payments.
