Support Center

Anatomy of a ransomware attack: CryptoLocker, CryptoWall, and how to stay safe (Infographic)

From CryptoLocker to CryptoWall and beyond Ransomware, it’s everywhere. We had hoped that the notorious file-encrypting ransomware called CryptoLocker was defeated after law enforcement knocked out its infrastructure last year, but CryptoLocker and its close cousin CryptoWall have come back stronger than ever.

Ransomware is malware that prevents you from using your files or your computer, and then extorts money from you in exchange for a promise to unlock them.

We’d like to show you more about the newest kinds of ransomware, how they work, and what you as an organization or individual can do to stay safe.

Ransomware: a brief history

Ransomware and fake-antivirus have been around for many years, relying on social engineering to trick computer users into paying the cybercriminals, so their phony warnings claim, to avoid fines from police for supposed crimes, or to clean up “viruses” on their computers that don’t actually exist.

But CryptoLocker and CryptoWall – variations of the malware we sometimes call crypto-ransomware or cryptoware – don’t bother with that sort of trickery. The attackers tell victims up-front that their files have been encrypted by the crooks. Unless you pay for the encryption key held by the attackers, the crooks destroy the private encryption key, making it impossible to recover your files.

How it works

A ransomware attack goes through five stages from the time it installs on your computer to the appearance of the ransom warning on your screen. You can download our step-by-step infographic to learn about the stages of an attack, and get tips on staying safe.

Anatomy of a Crypto-Ransomware Attack (PDF)

Ransomware protection, prevention and mitigation

If you suspect you’ve been compromised by ransomware, you can remove the malware using our Free Virus Removal Tool. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack.

We wouldn’t recommend paying the ransom – there’s no guarantee the criminals won’t up the ante, or that they’ll actually follow through on their promise to send you the keys to decrypt your files.

But it’s easy to understand why so many people do pay the ransom, especially if you’ve lost invaluable corporate or personal data.

Recently, a sheriff’s office in Tennessee paid a ransom to CryptoWall cybercrooks, and other police departments and public sector organizations have done the same.

Really, the best defense is a proactive one: always back up all your files, and use anti-malware and anti-spam protections.

To learn more about protecting your organization against ransomware attacks, download our free whitepaper, CryptoLocker, CryptoWall and Beyond: Mitigating the Rising Ransomware Threat.

This whitepaper explains:

  • A brief history of ransomware, from Winlockers to today’s crypto-ransomware
  • How ransomware works and why it is so dangerous
  • Specific recommendations that can dramatically reduce your vulnerability

The best ransomware defense: Next-generation protection from Sophos

Before ransomware can do its dirty work, it must contact a live command and control server. Next-generation firewalls such as the Sophos UTM can help block that. So can today’s best client anti-malware software. Our Next-Generation Enduser Protection offers Malicious Traffic Detection (MTD) that goes wherever you go, detecting and stopping malware when it connects to attackers’ servers.

Next-Generation Enduser Protection is the integration of Sophos’s innovative endpoint, mobile and encryption technologies to deliver better protection and simpler management.

To learn more about how to try it for free, visit

Filed under: Corporate, Enduser, Security Tips Tagged: Cryptolocker, Cryptowall, Infographics, Next-Generation Enduser Protection, ransomwareAnatomy of a ransomware attack: CryptoLocker, CryptoWall, and how to stay safe (Infographic)

Read more