Ransomware attack alert! The tell-tale signals to look for


It's time to bust the long-standing myth that ransomware attacks occur out of the blue and are just a case of bad luck.


Hackers often spend days or even weeks in your system, poking around to get an idea of what your network looks like and stealing data as they prepare to drop the ransomware that could well topple your business. Cunning hackers have worked hard to evade detection during this reconnaissance period, and they do it so well that even cybersecurity tools struggle to flag the problem.

With the benefit of hindsight, looking back at the telemetry records of companies that have been attacked, the Sophos MTR team has been able to build a picture of four warning signs that point to trouble ahead.


To the untrained eye, these signals can be hard to spot, particularly as many attackers use legitimate admin tools, but as long as you know the kind of things to look out for, you'll often be able to see an attack coming, and that can enable you to stop it happening.


Beware of mini-attacks


One way attackers will test your defences is by launching a quick reconnaissance raid on a small number of machines. The idea is to gauge how effectively their ransomware can be deployed and how sophisticated the security software they're up against is.


Small-scale test attacks might provide hackers with useful intelligence, but these dry runs are the clearest possible sign that a large-scale ransomware attack is imminent. Once one is spotted, it becomes a race against time. There might just be a matter of hours between a test attack and the r ..