5 Telltale signs of a ransomware attack

Oct 20, 2020

Ransomware attacks are widespread and usually take victims by complete surprise. Victims are then left struggling to choose between paying the ransom and risking the loss of their data for good. Fortunately, there are several warning signs that cybercriminals are already targeting your network. If you can spot them in time, you should be able to take proactive steps to keep the attack from succeeding.

If your device is already infected with ransomware, you’ll most likely see a ransom note when you attempt to boot up into your operating system. Some ransomware is designed to spread across a network, infecting every device connected to it. That’s why if one of your machines has a ransomware infection, you should instantly disconnect it from the network and isolate it until the problem has been resolved.

Here are five signs to look out for to help you proactively guard against ransomware:

1. Suspicious emails

Like most cyberattacks, a ransomware attack usually starts with a social engineering scam. A phishing email containing a malicious attachment or a link to a malicious website is the most likely culprit. More sophisticated phishing attempts are often quite convincing: they may appear to come from a legitimate company and make any attached file look safe to download.

While your spam filters and antivirus scanners should block most of these attempts, you can’t take them for granted. Never download an attachment you weren’t expecting, especially if the file is an executable program.

2. Disabled antivirus software

Most ransomware is easily detected by a reputable and up-to-date anti-malware scanner. To work around this, attackers may first attempt to gain elevated access to your systems so they can disable your security software. Again, they will likely use a social engineering scam in an attempt to dupe an unsuspecting employee into granting them access rights. If your antivirus software has been mysteriously deactivated, chances are, an attack is imminent.

3. Network scanners

More sophisticated cybercriminals may first try to gain access to a poorly protected endpoint to search for information that can assist them in their next steps. This may expose things like which admin rights are in place on which systems. To find vulnerabilities, attackers may use network scanning software like Advanced Port Scanner or AngryIP. Administrators should constantly be on the lookout for network scanners, particularly on servers, and find out whether or not they’re being used legitimately.


4. Simulated attacks

Another common tactic hackers use is running small-scale attacks or simulations to seek out larger vulnerabilities in your network and endpoints. With ransomware, the usual goal is to find out which deployment methods are most likely to work and infect as many connected systems as possible. That’s why you should always look out for seemingly minor and inconsequential attacks. This can buy your security team valuable hours to prevent something far worse from happening.

5. Unfamiliar login attempts

While most attackers rely on social engineering to spread ransomware, others take a sneakier approach by trying to log in to your systems directly. This may involve logging in to in-house servers and workstations or remote assets like online storage accounts. You should always look out for failed login attempts, particularly on Remote Desktop Protocol (RDP) servers. You can view these login attempts in Active Directory.
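
As an added example (not part of the original article), the following Python code shows one way to surface the failed-login pattern described above from exported Windows Security log records: it flags any source address with a burst of failed remote logons and notes a successful logon that follows the burst. It assumes event ID 4625 for failed logons, 4624 for successful ones, and logon types 3 and 10 for remote sessions; the sample events, threshold and time window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624     # Windows Security log event IDs
REMOTE_LOGON_TYPES = {3, 10}     # 3 = network (RDP with NLA), 10 = RemoteInteractive

# Constructed sample events (not real data), shaped like fields exported from
# the Security log: (time, event ID, logon type, account, source IP).
SAMPLE_EVENTS = [
    ("2020-10-20T02:14:03", 4625, 10, "administrator", "203.0.113.50"),
    ("2020-10-20T02:14:09", 4625, 10, "administrator", "203.0.113.50"),
    ("2020-10-20T02:14:15", 4625, 10, "admin", "203.0.113.50"),
    ("2020-10-20T02:14:22", 4625, 10, "backup", "203.0.113.50"),
    ("2020-10-20T02:14:30", 4625, 10, "backup", "203.0.113.50"),
    ("2020-10-20T02:15:02", 4624, 10, "backup", "203.0.113.50"),
    ("2020-10-20T08:58:40", 4625, 10, "jsmith", "198.51.100.7"),
    ("2020-10-20T08:59:05", 4624, 10, "jsmith", "198.51.100.7"),
    ("2020-10-20T09:30:00", 4625, 2, "kiosk", "-"),  # console logon, ignored
]

def find_login_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for sources with at least `threshold`
    failed remote logons inside a sliding `window`."""
    recent = defaultdict(deque)  # source IP -> failure times still in window
    tried = defaultdict(set)     # source IP -> accounts seen in failed logons
    findings = {}
    for ts, event_id, logon_type, account, ip in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            tried[ip].add(account)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:  # drop failures that aged out
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"failures_in_window": 0, "success_after_burst": None})
                f["failures_in_window"] = max(f["failures_in_window"], len(q))
        elif event_id == SUCCESS and ip in findings:
            # A success right after a burst may mean a password was guessed.
            f = findings[ip]
            f["success_after_burst"] = f["success_after_burst"] or account
    for ip, f in findings.items():
        f["accounts"] = sorted(tried[ip])
    return findings

if __name__ == "__main__":
    for ip, finding in find_login_bursts(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A single mistyped password followed by a successful login, like the second source in the sample data, stays below the threshold and is not reported.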

What are the next steps?

If you detect a potential ransomware threat or any other kind of attack, you should immediately disconnect the affected devices from your network. This will stop the attack from getting worse by spreading to shared network resources like storage area networks. Also, disconnect any external devices that might also be compromised, and quarantine them until the security team has had time to conduct a thorough investigation.

Online Computers provides managed security services that keep you safe from ransomware and other threats. Contact us today to schedule a consultation.
