Security Awareness
What is Ransomware?
A plain-English guide to one of today’s most damaging cyber threats — and how to stay protected.
The Basics
What is ransomware?
Ransomware is a type of malicious software (malware) that locks you out of your own files — then demands payment to give them back. Think of it like a digital padlock that a criminal places on everything stored on your computer or company network. Until you pay, you can’t open a single file.
The name comes from the word ransom — just like in a kidnapping, the attacker holds something valuable hostage and asks for money in exchange for releasing it.
Real-World Impact
Ransomware attacks have shut down hospitals, school districts, law firms, and small businesses — sometimes for days or weeks. The average ransom demand for a small business is tens of thousands of dollars, and paying doesn’t guarantee you’ll actually get your files back.
How It Happens
How does ransomware get onto a computer?
Attackers don’t need to physically touch your computer. The most common ways ransomware gets in are:
Phishing emails — You receive an email that looks legitimate (a delivery notice, an invoice, a voicemail) and click a link or open an attachment. That click silently installs the ransomware.
Fake software or downloads — A pop-up warns you that your computer is infected and offers a “free fix.” The fix is the infection.
Compromised websites — Visiting a hacked website can sometimes trigger a download without you clicking anything at all.
Weak passwords or stolen credentials — Attackers log in directly to remote access tools using guessed or leaked passwords.
What It Looks Like
What happens during an attack?
Ransomware usually works silently in the background. By the time you see anything, the damage is already done. Here’s the typical sequence:
The ransomware quietly spreads across your computer and network, finding every file it can — documents, photos, spreadsheets, databases.
It encrypts (scrambles) those files so they become completely unreadable — even to you.
A ransom note appears on your screen demanding payment — usually in cryptocurrency — within a deadline. Miss the deadline and the price goes up, or the files are permanently deleted.
Example Scenario
Sarah in accounting opens an email that looks like it’s from FedEx about a delayed package. She clicks the tracking link. Nothing seems to happen. The next morning, every file on the shared drive shows an error and a message on her screen reads: “Your files have been encrypted. Pay $25,000 in Bitcoin within 72 hours to restore them.”
Should You Pay?
If it happens — should you pay the ransom?
In most cases, no. Here’s why:
Paying funds criminal operations and encourages more attacks.
There’s no guarantee the attackers will actually decrypt your files after payment.
Businesses that pay are often targeted again — attackers know they’ll pay.
The best outcome comes from having good backups and a response plan ready before an attack ever happens.
Stay Protected
How can you help prevent it?
Think before you click. If an email feels unexpected or urgent, verify by calling the sender before opening any attachment or link.
Never plug in a USB drive you found or were given unexpectedly — it’s a known delivery method.
Use strong, unique passwords for every account — and enable multi-factor authentication (MFA) wherever possible.
Keep your computer and software updated. Many attacks exploit known vulnerabilities that updates already fix.
Report anything suspicious to your IT team immediately — even if you’re not sure it’s a threat. Early detection is everything.
If You See Something, Say Something
If you accidentally click a suspicious link or notice anything unusual on your computer — strange pop-ups, files you can’t open, a slow machine — stop what you’re doing and call IT right away. The sooner we know, the faster we can contain it.
KB-SEC-001 · Security Awareness