How ransomware actually works
Ransomware is malicious software that encrypts your files — documents, databases, backups it can reach — and then demands a ransom for the key. Modern attackers often also steal a copy of your data first, threatening to publish it if you do not pay. That means even good backups may not fully remove the pressure.
How it gets in
- Phishing emails with malicious attachments or links — the most common entry point.
- Exposed remote access (RDP, VPNs) with weak or reused passwords.
- Unpatched software with known vulnerabilities.
- Compromised third parties or infected USB devices.
How to prevent it
Prevention is far cheaper than recovery. The core defenses are practical and within reach of any SME:
- Offline, tested backups. Keep at least one backup copy disconnected from the network so it cannot be encrypted. Test restores regularly.
- Multi-factor authentication on email and all remote access.
- Patch quickly. Prioritize internet-facing systems.
- Least privilege. Limit who can install software and access critical shares.
- Email filtering and staff awareness to stop phishing before it spreads.
- Network segmentation so an infection in one area cannot spread everywhere.
The 3-2-1 backup rule: keep 3 copies of your data, on 2 different types of media, with 1 copy offline or off-site. This single practice is the most reliable defense against ransomware.
If you are hit
- Isolate. Disconnect affected devices from the network immediately to stop the spread.
- Do not rush to pay. Payment does not guarantee recovery and may break local law — get expert and legal advice first.
- Preserve evidence. Do not wipe systems before they can be examined.
- Recover from clean backups once the cause is understood and removed.
- Report the incident to the relevant authorities and notify affected parties as required.
Be ready before it happens
A short incident response plan — who to call, how to isolate systems, where the backups are — is the difference between a few hours of disruption and weeks of crisis. We help businesses build that readiness through assessments and practical guidance.