Under Attack

Ransomware Attacks Happen Long Before The Ransom Is Posted

Ransomware is a growing problem worldwide, costing billions of dollars a year, and the price tag keeps climbing. A ransom note appearing on screen, followed by the realization that your files are encrypted, comes as a shock, but it is not the moment you were hacked. Encryption is the last step of an intrusion that began days, weeks, or months earlier.

Like a dormant volcano, attackers can sit inside a network for months before they erupt. They move slowly, watching how the business operates and learning its patterns, copying files, escalating their privileges and changing permissions. All of that groundwork is meant to ensure that when the encryption finally runs, it hits every system at once and leaves you no easy way to recover.

There are ways, however, to spot this activity before it can be fully deployed. An astute administrator, knowing what to look for, can catch an attack long before it permeates the entire network.

Early Warning Signs

By the time files are encrypted, the criminals have usually been inside your network for a while. As we've noted before, phishing and attacks on exposed Remote Desktop Protocol (RDP) services are the two most common ways in.

Scanning your own public address space for exposed RDP (TCP port 3389 by default) is the first step in keeping attackers out; anything you find should sit behind a VPN or gateway, or be switched off. Beyond that, keep a baseline of who is authorized to log in remotely, from which locations and which IP addresses. A remote logon by an unknown account, from an unfamiliar address, or at an odd hour, and a burst of failed logon attempts against a single host, are the signals that tell an administrator someone is there who shouldn't be.
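One way to put that baseline to work, as an added example that is not PC Matic's code: compare Windows Security logon events against a list of who may use RDP and from where, and look for password-guessing bursts. It assumes the events have already been exported into dicts with the fields used below; the baseline, account names, addresses and sample events are all constructed for illustration.

```python
"""Baseline check for RDP logons over exported Windows Security events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Hypothetical baseline: accounts allowed to use RDP and the networks they use it from.
AUTHORIZED_RDP = {
    "jsmith": ["10.0.5.0/24", "203.0.113.7/32"],   # office LAN and a home static IP
    "itadmin": ["10.0.0.0/16"],
}
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time

# Constructed sample events. 4624 = successful logon, 4625 = failed logon.
# Logon type 10 (RemoteInteractive) is what an interactive RDP session records.
SAMPLE_EVENTS = [
    {"id": 4624, "time": "2024-03-04T09:12:00", "user": "jsmith", "type": 10, "ip": "10.0.5.23"},
    {"id": 4624, "time": "2024-03-04T02:41:00", "user": "jsmith", "type": 10, "ip": "198.51.100.44"},
    {"id": 4624, "time": "2024-03-04T10:05:00", "user": "svc_backup", "type": 10, "ip": "10.0.5.40"},
    {"id": 4624, "time": "2024-03-04T13:00:00", "user": "itadmin", "type": 3, "ip": "10.0.9.9"},
    {"id": 4625, "time": "2024-03-04T08:58:00", "user": "jsmith", "type": 10, "ip": "10.0.5.23"},
    {"id": 4625, "time": "2024-03-04T08:58:20", "user": "jsmith", "type": 10, "ip": "10.0.5.23"},
]
# Twelve failed guesses against "administrator" from one external IP within two minutes.
SAMPLE_EVENTS += [
    {"id": 4625, "time": f"2024-03-04T02:{30 + i // 6:02d}:{(i * 10) % 60:02d}",
     "user": "administrator", "type": 10, "ip": "198.51.100.44"}
    for i in range(12)
]


def ip_allowed(user, ip, baseline):
    """True if ip falls inside one of the networks recorded for this user."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in baseline.get(user, []))


def check_rdp_logons(events, baseline=AUTHORIZED_RDP, hours=BUSINESS_HOURS):
    """Return one alert per successful RDP logon that breaks the baseline."""
    alerts = []
    for ev in events:
        if ev["id"] != 4624 or ev["type"] != 10:
            continue  # only successful interactive RDP sessions
        when = datetime.fromisoformat(ev["time"])
        reasons = []
        if ev["user"] not in baseline:
            reasons.append("account not authorized for RDP")
        elif not ip_allowed(ev["user"], ev["ip"], baseline):
            reasons.append("source IP outside the user's known networks")
        if when.hour not in hours:
            reasons.append("outside business hours")
        if reasons:
            alerts.append({"user": ev["user"], "ip": ev["ip"], "time": ev["time"], "reasons": reasons})
    return alerts


def detect_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return (ip, count) for any source with >= threshold failed logons inside one window.

    Failures are not filtered on logon type: depending on Network Level
    Authentication a failed RDP attempt may be recorded with another type.
    """
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625:
            failures[ev["ip"]].append(datetime.fromisoformat(ev["time"]))
    hits = []
    for ip, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((ip, best))
    return hits


if __name__ == "__main__":
    for a in check_rdp_logons(SAMPLE_EVENTS):
        print("RDP logon alert:", a)
    for ip, n in detect_bruteforce(SAMPLE_EVENTS):
        print(f"brute force: {n} failed logons from {ip}")
```

On a real host the events can be pulled with PowerShell's Get-WinEvent (for example `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625}`) and mapped onto the field names above; the two off-hours alerts and the twelve-failure burst from 198.51.100.44 in the constructed data are exactly the pattern a password-guessing attack followed by a successful logon leaves behind.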

Even if the logon records look clean, someone may still be inside. A phishing e-mail, for example, can hand an attacker a legitimate user's credentials or a foothold on that user's machine, so the activity looks like it comes from an authorized account. The red flag in that case is the appearance of software tools on the network that nobody installed.

They’re In

Mimikatz and Microsoft's Sysinternals Process Explorer are two such tools. Process Explorer is a perfectly legitimate administration utility, but attackers use it to find and kill security processes and to dump the memory of other processes. Mimikatz, which extracts passwords, hashes and Kerberos tickets from Windows memory, is used almost exclusively by attackers. An unexpected appearance of either should be regarded as a warning that someone may be inside your system.

Once inside, an attacker works to widen access, typically by creating new accounts and adding them to the local or domain Administrators group. Those privileges let them reach sensitive data and, just as importantly, disable or uninstall security software. (PC Matic includes a built-in control that prevents users, even administrators, from removing the software from a machine, specifically to thwart this step.)

Tampering with Active Directory and the domain controllers, and the deletion or corruption of backups and volume shadow copies, are signs that the attack is nearly complete: the attackers are removing your ability to recover before they encrypt. It is still possible to stop an attack at this stage, but you are so far down the path that you must act immediately, starting with isolating the affected hosts.
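The progression just described (attacker tools appearing, a new administrator account, security software stopped, backups and shadow copies destroyed) can be scored from Windows event data. The following is an added example, not PC Matic's code. It assumes events have been exported into dicts modeled on Security-log fields (4688 process creation, 4720 account created, 4732 member added to a local group, 1102 audit log cleared) plus the System log's 7036 service state change; the hosts, accounts, paths, command lines and service list are constructed for illustration.

```python
"""Stage the later ransomware precursors from Windows event records (added example)."""
import re
from datetime import datetime

# Stages follow the article: 1 tool drop, 2 new admin, 3 defenses off, 4 recovery destroyed.
SUSPICIOUS_TOOLS = {                      # matched on the executable name only
    r"mimikatz": "Mimikatz credential dumper",
    r"procexp(64)?": "Sysinternals Process Explorer",
}
RECOVERY_DESTRUCTION = [                  # command lines that remove the victim's way back
    (r"vssadmin(\.exe)?\s+delete\s+shadows", "shadow copies deleted"),
    (r"wbadmin(\.exe)?\s+delete\s+catalog", "Windows backup catalog deleted"),
]
# WinDefend is the Microsoft Defender service; "edr_agent" is a hypothetical EDR service name.
SECURITY_SERVICES = {"windefend", "edr_agent"}
ADMINISTRATORS_SID = "S-1-5-32-544"       # BUILTIN\Administrators

# Constructed sample events spanning one morning, in arbitrary order.
SAMPLE_EVENTS = [
    {"id": 4688, "time": "2024-03-04T09:00:00", "host": "WS-17", "user": "jsmith",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"id": 4688, "time": "2024-03-04T09:40:00", "host": "WS-17", "user": "jsmith",
     "image": r"C:\Users\jsmith\Downloads\procexp64.exe", "cmdline": "procexp64.exe"},
    {"id": 4688, "time": "2024-03-04T09:52:00", "host": "WS-17", "user": "jsmith",
     "image": r"C:\Windows\Temp\mimikatz.exe", "cmdline": 'mimikatz.exe "sekurlsa::logonpasswords"'},
    {"id": 4720, "time": "2024-03-04T10:15:00", "host": "DC01", "user": "jsmith", "target": "support_tmp"},
    {"id": 4732, "time": "2024-03-04T10:17:00", "host": "DC01", "user": "jsmith",
     "member": "support_tmp", "group_sid": ADMINISTRATORS_SID},
    {"id": 4732, "time": "2024-03-04T10:18:00", "host": "DC01", "user": "jsmith",
     "member": "support_tmp", "group_sid": "S-1-5-32-545"},   # Users group: not interesting
    {"id": 7036, "time": "2024-03-04T10:30:00", "host": "WS-17", "service": "WinDefend", "state": "stopped"},
    {"id": 7036, "time": "2024-03-04T10:31:00", "host": "WS-17", "service": "Spooler", "state": "stopped"},
    {"id": 4688, "time": "2024-03-04T11:02:00", "host": "FS01", "user": "support_tmp",
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"id": 1102, "time": "2024-03-04T11:03:00", "host": "FS01", "user": "support_tmp"},
]


def find_tool(image):
    """Return the tool label if the executable name matches a known attacker tool."""
    name = image.rsplit("\\", 1)[-1].lower()
    for pattern, label in SUSPICIOUS_TOOLS.items():
        if re.fullmatch(pattern + r"(\.exe)?", name):
            return label
    return None


def analyze(events):
    """Walk events in time order; return the highest stage reached and the findings."""
    findings = []            # (stage, time, description)
    created = {}             # new account -> creation time, to tie 4720 to a later 4732
    for ev in sorted(events, key=lambda e: e["time"]):
        eid = ev["id"]
        if eid == 4688:
            tool = find_tool(ev["image"])
            if tool:
                findings.append((1, ev["time"], f"{tool} launched on {ev['host']} by {ev['user']}"))
            for pattern, label in RECOVERY_DESTRUCTION:
                if re.search(pattern, ev.get("cmdline", "").lower()):
                    findings.append((4, ev["time"], f"{label} on {ev['host']}: {ev['cmdline']}"))
        elif eid == 4720:
            created[ev["target"].lower()] = ev["time"]
            findings.append((2, ev["time"], f"account {ev['target']} created by {ev['user']} on {ev['host']}"))
        elif eid == 4732 and ev["group_sid"] == ADMINISTRATORS_SID:
            member, note = ev["member"].lower(), ""
            if member in created:
                delta = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(created[member])
                note = f", {delta.total_seconds() / 60:.0f} min after it was created"
            findings.append((2, ev["time"], f"{ev['member']} added to local Administrators on {ev['host']}{note}"))
        elif eid == 7036 and ev["state"] == "stopped" and ev["service"].lower() in SECURITY_SERVICES:
            findings.append((3, ev["time"], f"security service {ev['service']} stopped on {ev['host']}"))
        elif eid == 1102:
            findings.append((3, ev["time"], f"Security audit log cleared on {ev['host']} by {ev['user']}"))
    return {"stage": max((s for s, _, _ in findings), default=0), "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    print(f"highest stage reached: {result['stage']}")
    for stage, when, text in result["findings"]:
        print(f"[stage {stage}] {when} {text}")
```

The constructed data reaches stage 4, which is the point the paragraph above describes as nearly too late. Two caveats for real use: matching on executable names is trivially evaded by renaming the binary, so production detection should also key on file hashes or on behaviour such as a process opening a handle to lsass.exe (Sysmon Event ID 10); and a 1102 event means the attacker has already cleared the very log you are reading, which is why these events should be forwarded off the host as they occur.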

With regular monitoring, it is entirely possible to spot these intrusions before they reach the encryption and deletion stage. Because the whole process can take weeks or even months, every stage is a chance to catch the intruder, provided you know where to look.


Prevention is a lifesaver. Keep operating systems and applications patched. Never expose RDP directly to the internet. Train employees to recognize phishing attacks. Finally, a state-of-the-art antivirus product will keep your systems monitored and locked down.

Cybercriminals are getting more advanced, and there is no way back from that. Together, though, we can stop them in their tracks. Stay educated, and, as always, stay safe out there.


9 thoughts on “Under Attack”

  1. I simply want the best protection available. I run my classroom from here and I am very careful regarding opening any suspicious attachments. I do have some problems with applications (that I have always had) that seem to open upon start-up. Otherwise, I’m happy if PC Matic can continue to keep me apprised of any problems within my system.

  2. I sent a request asking if PC Matic covers the Samsung Galaxy S10.
    I have your lifetime plan.
    I got a reply that your company only services Android products, and my smartphone is. And what are you referring to as Android products?

  3. I purchased a lifetime protection plan from you. I want to know if I automatically have ransomware protection and whether a VPN is included in my protection.
    Thank you for your kind attention to this matter.
