How it works and how to respond
Even if individual steps differ in detail, the course of a ransomware attack follows a similar logic. It can be divided into four phases – preparation, attack, spread and infection. In our blog series, we walk through these phases using an example scenario from the perspective of a ransomware operator, and show which security measures are truly effective. Finally, we touch on the legal aspects of ransomware payments.
61% of Swiss executives expect a surge in reportable ransomware incidents in 2022.
Once the network of the target company has been hacked, the focus moves to accessing the data needed for blackmail. This takes time, and in most cases also requires broader access to several systems. This is where malware developed by professionals comes into play. It helps cybercriminals to take over and control parts of the system. The malware behaves differently depending on which user authorisations have been compromised; it will either try to take over other accounts or gain access to other computers. In any event, the malware provides the attacker with the first insights into the compromised system.
The motto holds true here too: cybercriminals take the path of least resistance. In practice, this often means that vulnerabilities are exploited soon after they become known. Ransomware developers will know about the existence of a vulnerability as soon as a patch for it has been released, and will try to target it for an attack before your company has applied the patch.
At PwC, we are a community of solvers – powered by technology – committed to helping you protect everyone, and everything, you care about.