Ransomware in Plain English
Ransomware is a type of malicious software that breaks into your computer, encrypts your files — making them completely unreadable — and then demands a payment (a "ransom") to unlock them. It's one of the most damaging cyber threats facing small businesses today, and it doesn't discriminate by size: a one-person consultancy is just as likely a target as a large corporation.
How Does Ransomware Get In?
The most common routes are:
Phishing emails — a fake email with a malicious link or attachment. Opening the attachment or clicking the link installs the ransomware. See our guide to spotting phishing emails.
Unpatched software — ransomware regularly exploits known vulnerabilities in Windows, Office and other software. Keeping everything updated closes these gaps.
Remote Desktop Protocol (RDP) — businesses that leave RDP (remote access) open to the internet with weak passwords are a common target. Attackers scan for open RDP ports and brute-force their way in.
Compromised credentials — if a password is stolen or reused from a leaked database, attackers can log straight into your systems.
What Happens When It Hits
Once ransomware is on your system, it moves fast. It typically scans your local drives, network shares and sometimes connected cloud storage (like OneDrive) and encrypts everything it finds — often within minutes. Files get renamed with unfamiliar extensions and become impossible to open. A ransom note then appears with payment instructions.
Many modern variants also exfiltrate your data before encrypting it, threatening to publish it publicly if you don't pay — a tactic known as "double extortion."
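As an added illustration of the behaviour just described (example code written for this page, not part of the guide or any product), the script below spots the tell-tale burst of files being renamed to an extension the office never uses, run over a constructed file-change log. The familiar-extension list, the log format and the window/threshold values are assumptions to tune for your own systems.

```python
"""Flag a burst of renames to unfamiliar extensions in a file-change log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumption: extensions this office normally works with; tune per site.
FAMILIAR = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt", ".csv"}

# Constructed sample log (not real data), one rename per line:
# "ISO timestamp,user,old path,new path"
SAMPLE_LOG = """\
2024-03-01T09:02:10,alice,/shares/finance/q1.xlsx,/shares/finance/q1-final.xlsx
2024-03-01T09:40:00,bob,/home/bob/notes.txt,/home/bob/notes.bak
2024-03-01T10:15:00,alice,/shares/finance/budget.xlsx,/shares/finance/budget.xlsx.locked
2024-03-01T10:15:01,alice,/shares/finance/invoice1.pdf,/shares/finance/invoice1.pdf.locked
2024-03-01T10:15:01,alice,/shares/finance/invoice2.pdf,/shares/finance/invoice2.pdf.locked
2024-03-01T10:15:02,alice,/shares/hr/contracts.docx,/shares/hr/contracts.docx.locked
2024-03-01T10:15:03,alice,/home/alice/photo.jpg,/home/alice/photo.jpg.locked
"""

def parse_log(text):
    """Yield (timestamp, user, old_path, new_path) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, old, new = line.split(",", 3)
        yield datetime.fromisoformat(ts), user, old, new

def is_suspicious(old, new):
    """True when a rename gives the file an extension the office never uses."""
    old_ext = PurePosixPath(old).suffix.lower()
    new_ext = PurePosixPath(new).suffix.lower()
    return new_ext != old_ext and new_ext not in FAMILIAR

def find_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {user: peak count} for users with >= threshold suspicious
    renames inside any sliding window; an ordinary one-off rename stays quiet."""
    recent = defaultdict(deque)  # per-user timestamps of suspicious renames
    alerts = {}
    for ts, user, old, new in sorted(events):
        if not is_suspicious(old, new):
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[user] = max(alerts.get(user, 0), len(q))
    return alerts

if __name__ == "__main__":
    print(find_bursts(parse_log(SAMPLE_LOG)))  # {'alice': 5}
```

On a real system the same check would run against file-server audit logs or an endpoint agent's rename events; the point is that encryption shows up as a rename storm from one account within seconds, which is exactly what a layered defence should alert on.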
How to Protect Yourself
No single measure is enough — layered protection is what works:
Backups, backups, backups — the single most important protection. Regular backups that are stored separately from your main systems (offsite, or cloud storage that doesn't sync automatically) mean you can restore everything without paying. Test your backups periodically to make sure they actually work.
Keep software updated — enable automatic Windows updates and keep all software patched. Most ransomware attacks exploit vulnerabilities that already have fixes available.
Use a reputable antivirus — modern endpoint security tools can detect and block ransomware behaviour before it encrypts anything.
Enable Multi-Factor Authentication — MFA stops attackers who have stolen a password from being able to log into your accounts.
Limit who can access what — if a ransomware infection can only reach files the infected user has access to, the damage is contained. Give staff access only to what they need.
Train your team — most infections start with a human clicking something. A basic awareness of the signs of a phishing email goes a long way.
If You've Already Been Hit
Disconnect the affected device from your network immediately — unplug the ethernet cable or turn off Wi-Fi — to stop the ransomware from spreading. Don't turn the device off (memory forensics may still help). Contact a professional and, if the incident affects personal data, report it to the ICO (the UK Information Commissioner's Office) within 72 hours.
Related Guides
How to Spot a Phishing Email
Six warning signs that take 60 seconds to check.
How to Set Up Microsoft 365
Including MFA, which is one of the best ransomware defences.
Cyber Security Services
Antivirus, firewalls, backups and audits, configured remotely.
Based in Surrey? We Can Help
We support home users and small businesses across the whole of Surrey remotely — including Epsom, Guildford, Dorking, Kingston, Woking, Reigate and Cobham.
Frequently Asked Questions
Should I pay the ransom if my files are encrypted?
Generally no. Paying the ransom doesn't guarantee you'll get your files back, funds criminal organisations, and often marks you as a target for repeat attacks. The better route is to restore from a clean backup — which is why having backups in the first place is so critical.
Can ransomware spread to other computers on my network?
Yes. Many ransomware variants are designed to move across a network and encrypt every device they can reach — including shared drives and cloud storage that's syncing. This is why isolating an infected device immediately is so important.
What's the most effective protection against ransomware?
A combination of regular offline or cloud backups (tested and verified), up-to-date software, good antivirus, and training staff to recognise phishing emails. No single measure is enough on its own — layered protection is the standard approach.