
    Ransomware attacks explained: 5 stages of attack

    By Fiona Huang, May 8, 2024
    • Malware known as “ransomware” encrypts a victim’s data and then demands a “ransom,” or payment, from the victim to unlock the files and network.
    • A ransomware attack is a form of malware attack in which an attacker seizes the user’s data, folders, or entire device until a “ransom” fee is paid.
    • A ransomware attack typically proceeds through 5 stages.

    Ransomware is a type of malware that encrypts a victim’s data; the attacker then demands a “ransom”, or payment, to restore access to files and network. Typically, the victim receives a decryption key once payment is made. If the ransom payment is not made, the threat actor publishes the data on data leak sites (DLS) or blocks access to the files in perpetuity.

    Ransomware has become one of the most prominent types of malware, targeting a wide variety of sectors including government, education, finance, and healthcare, with millions of dollars extorted worldwide every year.

    What is a ransomware attack?

    A ransomware attack is a type of malware attack where the attacker encrypts and holds onto the user’s files, folders, or entire device until they receive a ransom payment. It uses phishing attacks or malicious websites to infect a computer or network, taking advantage of open security vulnerabilities. It compromises a user’s computer by encrypting the files on it or locking the user out, and then requests payment (often in Bitcoin) to unlock the files or restore the system.

    This type of attack uses software vulnerabilities to infect and take control of the victim’s device, taking advantage of system networks and users. A computer, smartphone, wearable technology, point-of-sale (POS) electronic equipment, or any other endpoint terminal could be the victim’s device.

    An individual, an organisation, or a network of organisations and business processes may be the target of a ransomware attack. A network of computers can be infected with malware by the attacker through a variety of methods, including links or attachments from phishing emails and compromised websites. Drive-by downloads, compromised USB sticks, pop-up windows, social media, malicious advertising, compromised software, traffic distribution systems (TDS), self-propagation, and other methods are used to accomplish this.


    Stages of a ransomware attack

    A ransomware attack typically proceeds through these stages.

    Stage 1: Initial access

    The most common access vectors for ransomware attacks continue to be phishing and vulnerability exploitation.

    Stage 2: Post-exploitation

    Depending on the initial access vector, this second stage may involve an intermediary remote access tool (RAT) or malware before establishing interactive access.

    Stage 3: Understand and expand

    During this third stage of the attack, attackers focus on understanding the local system and domain that they currently have access to. The attackers also work on gaining access to other systems and domains (called lateral movement).


    Stage 4: Data collection and exfiltration

    Here the ransomware operators switch focus to identifying valuable data and exfiltrating (stealing) it, usually by downloading or exporting a copy for themselves. While attackers might exfiltrate any of the data they can access, they usually focus on especially valuable data—login credentials, customers’ personal information, intellectual property—that they can use for double extortion.

    Stage 5: Deployment and sending the note

    Crypto ransomware begins identifying and encrypting files. Some crypto ransomware also disables system restore features or deletes or encrypts backups on the victim’s computer or network to increase the pressure to pay for the decryption key. Non-encrypting ransomware locks the device screen, floods the device with pop-ups or otherwise prevents the victim from using the device.

    Once files have been encrypted or the device has been disabled, the ransomware alerts the victim of the infection. This notification often comes through a .txt file deposited on the computer’s desktop or through a pop-up. The ransom note contains instructions on how to pay the ransom, usually in cryptocurrency or a similarly untraceable method. Payment is in exchange for a decryption key or restoration of standard operations.
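The two Stage 5 behaviours described above (files rewritten as encrypted data, and a .txt note dropped for the victim) can be combined into a simple detection heuristic. The following is an added example, not part of the original article; the event format, process names, file paths and thresholds are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted output approaches 8.0, plain text is far lower."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def flag_processes(events, entropy_min=7.5, writes_min=3, note_dirs_min=2):
    """Flag processes that overwrite several files with high-entropy data AND
    create the same .txt file in multiple directories (thresholds are assumed)."""
    encrypted_writes = defaultdict(int)
    note_dirs = defaultdict(lambda: defaultdict(set))  # process -> note name -> dirs
    for proc, action, path, sample in events:
        directory, _, name = path.rpartition("/")
        if action == "write" and shannon_entropy(sample) >= entropy_min:
            encrypted_writes[proc] += 1
        elif action == "create" and name.lower().endswith(".txt"):
            note_dirs[proc][name].add(directory)
    return sorted(
        proc for proc, count in encrypted_writes.items()
        if count >= writes_min
        and any(len(dirs) >= note_dirs_min for dirs in note_dirs[proc].values())
    )

# Constructed sample data: SHA-256 output stands in for ciphertext.
CIPHER_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
PLAIN = b"Quarterly report draft, revision 3.\n" * 50

# Constructed file events: (process, action, path, first bytes written).
EVENTS = [
    ("editor.exe", "write", "/home/a/docs/report.docx", PLAIN),
    ("editor.exe", "create", "/home/a/docs/notes.txt", PLAIN),
    ("backup.exe", "write", "/backup/mon.zip", CIPHER_LIKE),
    ("backup.exe", "write", "/backup/tue.zip", CIPHER_LIKE),
    ("backup.exe", "write", "/backup/wed.zip", CIPHER_LIKE),
    ("unknown.exe", "write", "/home/a/docs/report.docx", CIPHER_LIKE),
    ("unknown.exe", "write", "/home/a/docs/budget.xlsx", CIPHER_LIKE),
    ("unknown.exe", "write", "/home/a/pics/team.jpg", CIPHER_LIKE),
    ("unknown.exe", "create", "/home/a/docs/HOW_TO_RESTORE.txt", PLAIN),
    ("unknown.exe", "create", "/home/a/pics/HOW_TO_RESTORE.txt", PLAIN),
]

if __name__ == "__main__":
    print(flag_processes(EVENTS))
```

Requiring both signals keeps the backup job, which legitimately writes compressed high-entropy archives, from being flagged.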

    A ransomware attack is a dangerous malware attack that locks a user’s computer by encrypting the data using various encryption techniques and demands a ransom fee to restore the encrypted files or the computer. 

    Fiona Huang

    Fiona Huang is an intern reporter at BTW media dedicated to Fintech. She graduated from the University of Southampton. Send tips to f.huang@btw.media.
