AlignTrust

Ransomware

Malware that encrypts a victim's files or systems and demands payment for the decryption key — one of the most disruptive and costly threats facing SMBs today.

What Is Ransomware?

Ransomware is a type of malicious software that encrypts files on an infected system, rendering them inaccessible. The attacker then demands a ransom — typically in cryptocurrency — in exchange for the decryption key. Some modern ransomware also exfiltrates data before encrypting it, threatening to publish stolen information unless paid ("double extortion").

How Ransomware Spreads

  • Phishing emails: Malicious attachments or links that install ransomware when clicked
  • Remote Desktop Protocol (RDP): Brute-forced or stolen credentials used to access internet-exposed RDP
  • Software vulnerabilities: Unpatched systems exploited through known vulnerabilities
  • Compromised supply chain: Malware delivered through a trusted vendor or software update

The Real Cost

Direct ransom payments are only part of the damage. SMBs typically face:

  • Days to weeks of operational downtime
  • Cost of incident response and recovery
  • Reputational damage and customer churn
  • Regulatory penalties if personal data was breached
  • Potential legal liability

Many SMBs that pay the ransom never fully recover their data. Around 40% of organisations that pay are hit again within a year.

Prevention Measures

  1. Maintain offline backups: The 3-2-1 rule — three copies, two media types, one offsite — ensures recovery without paying
  2. Patch promptly: Most ransomware exploits known, patched vulnerabilities
  3. Restrict RDP: Disable it if unused, or put it behind a VPN with MFA
  4. Deploy endpoint protection: Modern EDR tools detect ransomware behaviour before encryption completes
  5. Segment your network: Limit blast radius so ransomware can't spread across all systems
  6. Train your team: Phishing is the #1 delivery method — awareness reduces risk
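The behavioural detection mentioned in step 4 can be illustrated with a small rate-based heuristic. This is an added example and not AlignTrust's or any EDR vendor's code; it assumes a constructed file-event log format (timestamp, host, process, action, path) and flags a process that renames or writes many files with unrecognised extensions inside a short sliding window, which is what mass encryption looks like in file telemetry.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one event per line:
# "<iso-timestamp> <host> <process> <action> <path>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws01 winword.exe WRITE C:\\Users\\ann\\report.docx
2024-05-01T09:00:04 ws01 excel.exe WRITE C:\\Users\\ann\\budget.xlsx
2024-05-01T09:12:00 ws07 updater.exe RENAME C:\\Users\\bob\\a.docx.locked
2024-05-01T09:12:01 ws07 updater.exe RENAME C:\\Users\\bob\\b.xlsx.locked
2024-05-01T09:12:01 ws07 updater.exe RENAME C:\\Users\\bob\\c.pdf.locked
2024-05-01T09:12:02 ws07 updater.exe RENAME C:\\Finance\\q1.xlsx.locked
2024-05-01T09:12:03 ws07 updater.exe RENAME C:\\Finance\\q2.xlsx.locked
2024-05-01T09:12:04 ws07 updater.exe WRITE C:\\Finance\\README_RESTORE.txt
"""

# Assumed allowlist of extensions normal business activity produces.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "jpg", "png"}
WINDOW = timedelta(seconds=10)  # assumed; tune to your telemetry volume
THRESHOLD = 5                   # assumed; suspicious events per process in window


def parse_line(line):
    ts, host, proc, action, path = line.split(" ", 4)
    return datetime.fromisoformat(ts), host, proc, action, path


def is_suspicious(action, path):
    """A rename/write that leaves a file with an extension we do not recognise."""
    ext = path.rsplit(".", 1)[-1].lower()
    return action in ("RENAME", "WRITE") and ext not in KNOWN_EXTENSIONS


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {(host, process): first alert time} for every process that hit
    `threshold` suspicious file events within `window` (sliding per process)."""
    recent = defaultdict(deque)  # (host, process) -> timestamps in window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, action, path = parse_line(line)
        if not is_suspicious(action, path):
            continue
        key = (host, proc)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (host, proc), ts in detect(SAMPLE_LOG).items():
        print(f"ALERT {ts.isoformat()} {host} {proc}: mass file modification")
```

On the constructed log, `updater.exe` on `ws07` is flagged at the fifth `.locked` rename while the ordinary Office activity on `ws01` produces no alert; in production the same logic would run on EDR or file-audit telemetry and feed an isolation action for the host.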

If You're Attacked

Disconnect affected systems immediately. Do not pay the ransom without consulting a specialist — payment funds future attacks and doesn't guarantee data recovery. Contact your incident response provider or law enforcement.