The Plain English Version
Ransomware is malware that encrypts your files and demands payment for the key to unlock them. Modern ransomware often also steals your data first and threatens to publish it if you do not pay. This is known as double extortion.
It is one of the most devastating cyber threats facing businesses today. A successful attack can shut down operations entirely, sometimes for weeks.
How Ransomware Gets In
- Phishing emails - Malicious attachments or links; still the most common vector
- Exposed RDP - Remote Desktop Protocol left open to the internet
- Unpatched vulnerabilities - Known security holes that were not fixed
- Supply chain - Compromised software updates or service providers
The Business Impact
Beyond the ransom demand (which can be millions), costs include: business downtime, data recovery efforts, incident response services, regulatory fines, legal fees, reputation damage, and increased insurance premiums.
Many businesses never fully recover. Some close entirely.
Prevention Fundamentals
- Backups - Regular, tested, offline or immutable backups are your lifeline
- MFA everywhere - Especially on remote access and admin accounts
- Patch promptly - Known vulnerabilities are actively exploited
- Email security - Filter malicious attachments and links
- Endpoint protection - Modern EDR can detect and stop ransomware
- User training - Help staff recognise phishing attempts
- Least privilege - Limit what accounts can access and modify
If You Get Hit
Isolate affected systems immediately. Do not pay without expert guidance - there is no guarantee you will get your data back, and you may be funding further attacks. Contact your incident response provider, your cyber insurer, and potentially law enforcement.
Focus on recovery from backups rather than paying. Every ransom paid funds more attacks.