Locked Out? A Beginner's Guide to Ransomware

February 19th, 2025

In today’s interconnected world, where everything from cherished memories to vital business data is stored digitally, ransomware has emerged as one of the most pervasive cyber threats. The Australian Cyber Security Centre (ACSC) reports that ransomware attacks accounted for 11% of all self-reported cyber incidents for Australian businesses during the 2023–24 fiscal year, a troubling 3% increase compared to the previous year. For individuals and businesses alike, understanding ransomware is essential for safeguarding both personal and professional assets.

What Is Ransomware?

Ransomware is a type of harmful software (malware) that locks users out of their own files or systems by encrypting them. To regain access, the attackers typically demand a ransom, often in the form of cryptocurrency. Paying the ransom, however, offers no guarantees. Cyber criminals may demand additional payments or leak sensitive information regardless of whether the ransom is paid.

How Does a Ransomware Attack Work?

A ransomware attack generally follows a predictable series of steps:

1. Access
Cyber criminals find a way into your network by exploiting security weaknesses. Once inside, they deploy malware that encrypts data and may also exfiltrate sensitive information, threatening to expose it if the ransom isn't paid.

2. Activation
Once the ransomware is activated, your devices and files become inaccessible. Critical systems may become unavailable, making it difficult or impossible to carry out day-to-day operations.

3. Ransom Demand
The adversary typically displays a message on the screen, outlining the ransom amount and instructions for payment, often requesting cryptocurrency. While they may promise a decryption key to restore access, there is no certainty that the criminals will follow through even if the ransom is paid.

Why Ransomware Is a Serious Threat

The impact of ransomware attacks can be profound:

  • Downtime: Systems may be offline for extended periods, disrupting operations.

  • Financial Losses: The cost of navigating a ransomware incident and the cost of recovery can be significant.

  • Reputational Damage: Loss or exposure of data can severely harm an organisation's credibility and trust with its clients, staff, vendors, and the broader public.

  • Permanent Data Loss: Without proper backups, critical data may be irretrievably lost.

How to Recognise Ransomware Attacks

Ransomware often infiltrates systems quietly, but there are key warning signs:

  • Pop-up messages demanding payment to unlock files.

  • Inability to access devices or online accounts.

  • Files that are moved, renamed, or have unfamiliar extensions.

  • Unexpected password prompts for files that normally do not require them.
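The third sign above (files renamed with unfamiliar extensions) can be watched for automatically. The following is an added example, not part of the original article: it scans a list of file rename events and raises an alert when many files receive the same unfamiliar extension within a short time. The event format, the `.lockedx` extension, the known-extension list and the thresholds are all assumptions made for this illustration.

```python
from collections import deque
from pathlib import PurePosixPath

# Extensions considered normal in this (assumed) environment.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}

# Constructed sample: (seconds, old path, new path) rename events.
SAMPLE_EVENTS = [
    (0, "/home/amy/report.docx", "/home/amy/report-final.docx"),  # ordinary rename
    (30, "/home/amy/notes.txt", "/home/amy/notes.bak"),           # one-off oddity
] + [
    (100 + i, f"/srv/share/doc{i}.pdf", f"/srv/share/doc{i}.pdf.lockedx")
    for i in range(6)                                             # rapid burst
]


def find_rename_bursts(events, window=10, threshold=5):
    """Return (time, extension, count) for each unfamiliar extension that
    `threshold` or more files were renamed to within `window` seconds."""
    recent = deque()   # (time, extension) of recent suspicious renames
    alerted = set()    # extensions already reported, to avoid repeats
    alerts = []
    for ts, old, new in sorted(events):
        ext = PurePosixPath(new).suffix.lower()
        if ext in KNOWN_EXTENSIONS or ext == PurePosixPath(old).suffix.lower():
            continue   # familiar or unchanged extension: not suspicious
        recent.append((ts, ext))
        while ts - recent[0][0] > window:
            recent.popleft()   # drop events that fell out of the window
        count = sum(1 for _, e in recent if e == ext)
        if count >= threshold and ext not in alerted:
            alerted.add(ext)
            alerts.append((ts, ext, count))
    return alerts


if __name__ == "__main__":
    for ts, ext, count in find_rename_bursts(SAMPLE_EVENTS):
        print(f"t={ts}s: {count} files renamed to '{ext}' within the window")
```

A single odd rename, such as the `.bak` file in the sample, does not trigger an alert; only the burst does.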

How to Protect Yourself from Ransomware

1. Phishing Emails → Employee Awareness & Email Security

💡 Best Prevention Actions:

  • Train employees to recognise phishing attempts.

  • Use email filtering solutions to block malicious attachments and links.

  • Enable SPF, DKIM, and DMARC authentication to prevent email spoofing.
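Publishing SPF and DMARC records is not the same as enforcing them, because a permissive setting leaves spoofed mail unblocked. The following added example (not part of the original article) audits the text of a domain's SPF and DMARC records for the most common weak settings. The records are constructed samples for the placeholder domain example.com, the function name is hypothetical, and DKIM is left out because checking it requires knowing the sender's selector.

```python
# Constructed sample records for the placeholder domain example.com.
WEAK = {
    "txt": ["v=spf1 include:_spf.example.net +all"],
    "dmarc": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}
HARDENED = {
    "txt": ["v=spf1 include:_spf.example.net -all"],
    "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}


def audit_email_auth(txt, dmarc):
    """Return findings for the TXT records published at a domain (txt)
    and at _dmarc.<domain> (dmarc). An empty list means no weak setting."""
    findings = []
    spf = [r for r in txt if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # Zero records means no SPF; more than one is an error for receivers.
        findings.append(f"SPF: expected exactly one record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
        if all_term in ("all", "+all"):
            findings.append("SPF: +all authorises any server to send as this domain")
        elif all_term == "?all":
            findings.append("SPF: ?all gives unlisted senders a neutral result")
        elif all_term is None and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' term, unlisted senders get a neutral result")

    records = [r for r in dmarc if r.strip().lower().startswith("v=dmarc1")]
    if not records:
        findings.append("DMARC: no record published")
        return findings
    tags = {}
    for part in records[0].split(";"):   # tags are "key=value" separated by ';'
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={tags.get('p')} does not ask receivers to act on failures")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings
```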

🛠 Potential Response Actions:

  • If an employee clicks a malicious link, isolate the infected device immediately to prevent ransomware from spreading.

  • Report the phishing attempt to IT/security teams for further analysis.

2. Malicious Websites & Drive-By Downloads → Browser & Endpoint Security

💡 Best Prevention Actions:

  • Use web filtering tools to block access to suspicious or malicious sites.

  • Keep browsers and plugins updated, or disabled if not needed.

  • Implement an ad blocker to reduce exposure to malvertising.

🛠 Potential Response Actions:

  • If ransomware is suspected after visiting a site, run a full system scan with endpoint security software.

3. Exploiting Security Vulnerabilities → Patch Management & Network Security

💡 Best Prevention Actions:

  • Regularly update and patch operating systems, software, and firmware.

  • Disable unnecessary services and ports, especially RDP (if not needed).

  • Implement network segmentation to prevent lateral movement of ransomware.

🛠 Potential Response Actions:

  • If ransomware enters through an unpatched vulnerability, apply emergency patches, check for indicators of compromise, and isolate affected systems.

What to Do If You’re a Victim of Ransomware

If you suspect you've fallen victim to a ransomware attack:

  1. Disconnect your device from the internet immediately.

  2. Report the attack to your IT team to assist with recovery and mitigate further damage.

  3. Report the cyber incident.

Stay Proactive, Stay Secure

Ransomware may be an increasing threat, but with the right knowledge and proactive measures, you can reduce your vulnerability. By staying vigilant and prepared, you’ll be in a stronger position to face any cyber challenges that arise.

For more personalised advice or assistance with cyber security solutions please reach out to CYBR.

These insights offer a limited overview and should not be considered professional advice. They are neither exhaustive nor complete. Effective mitigation requires a tailored strategy based on the attack vector, system architecture, and organisational risk landscape.