From what I've read, ransomware triggers, and starts encrypting your .mdf .ldf and database backup files. (as well as others).
Now, also they say that malware can sit on your box for months or more before it triggers.
Here's the question: A person I work with says that it attaches immediately to the database, but doesn't trigger the encryption until months later, so all your backups now have this ransomware attached to it.
That sounds like hooey to me that it is attached to your backups and the backup itself is the executable that starts the encryption, etc.
Facts on this please? Thanks!
And does anyone know WHY they wait for months to trigger it?