Stages of a Malware Attack

There are generally considered to be five phases of ransomware encryption, from the breach or Infection

Phase 1 – Infection:

Initial entry into the system by means of spam email, phishing attack or an exploit kit – readily available on the Dark Web. During this phase, the vulnerabilities of systems and users are exploited. Lapses in user awareness and training as well as failures to follow corporate security policies provide the ransomware entrance into the computing infrastructure.

Phase 2 – Delivery:

Persistence mechanisms are established. These mechanisms alter registry keys to protect the ransomware, hiding it and permitting self-restart even after a system shutdown. This phase enables the ransomware to encrypt files at a later date without requiring additional actions on the part of the user or ransomware command-and control centre.

Phase 3 – Backup Attack:

This is a self-defence mechanism for the ransomware to ensure its effectiveness and to facilitate payment. CryptoLocker and Locky, two ransomware variants, execute commands to remove all shadow copies from infected systems. Other variants search for folders holding backup files and remove them.

Phase 4 – Encryption:

During this step, encryption keys are established on the local system. Early forms of ransomware included the encryption keys as part of the application, making it easy for security teams to identify the key and unencrypt information. Today, encryption keys are not supplied with the application, and the time to recover files varies based on computing infrastructure characteristics such as file size, network characteristics and number of connected devices.

Phase 5 – User Notification/Settlement and Remediation:

The ransomware notifies the user of infection, demands payment and presents instructions for payment. Generally, the user is given a timeframe for payment, with escalating penalties/ransom for not paying. After the ransom is paid, the ransomware frequently attempts to remove evidence of its presence that may be identified by forensic investigators.


We have been working in the parts identification sector for a number of years and have the pleasure of working with a wide range of recycling companies across the UK and Ireland

Our Close relationships with the major software providers to the sector means that we are constantly reviewing product performance and suitablity for your needs.



Get in Touch

Spenic Ltd
Unit-1, The Laurels, Stone,
Berkeley, Gloucester, GL13 9LD
+44 (0) 1454 430 209



Business Hours

If you need remote assistance please click the SUPPORT link below.

Our opening hours are:

  • Monday-Friday: 9am to 5.30pm
  • Saturday & Sunday: Closed*

* Please note that if you have an urgent query when we are closed, please call 00 44 7703 194 697 or email: and we will come back to you within a few minutes.