Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

Ransomware Defense For Dummies, Cisco Special Edition

Go to https://youtu.be/4gR562GW7TI to see the anatomy of a ransomware attack.

Once delivered, ransomware typically identifies user files and data to be encrypted through some sort of an embedded file extension list. It's also programmed to avoid interacting with certain system directories (such as the WINDOWS system directory, or certain program files directories) to ensure system stability for delivery of the ransom after the payload finishes running. Files in specific locations that match one of the listed file extensions are then encrypted. Otherwise, the file(s) are left alone. After the files have been encrypted, the ransomware typically leaves a notification for the user, with instructions on how to pay the ransom (see Figure 1-3).

There is no honor among thieves. Although an attacker will usually provide the decryption key for your files if you pay the ransom, there is no guarantee that the attacker hasn't already installed other malware and exploit kits on your endpoint or other networked systems, or that they won't steal your data for other criminal purposes or to extort more payments in the future.

FIGURE 1-2: How ransomware infects an endpoint.

FIGURE 1-3: How ransomware works.

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
