Ransomware is malicious software that encrypts your files — photos, documents, everything — and demands payment to get them back. It's the most damaging type of malware for home users and small businesses.
How Ransomware Gets In
Phishing emails are responsible for around 90% of ransomware infections. An email arrives appearing to be from Australia Post, the ATO, or a courier — with an attachment or link. Opening the attachment or following the link runs the malware.
Drive-by downloads happen when visiting a compromised website. The site silently exploits a browser or plugin vulnerability.
RDP attacks target businesses. Criminals scan the internet for computers with Remote Desktop Protocol exposed and brute-force weak passwords.
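The phishing paragraph above is the one most readers can act on, and the check it implies (does the link actually go where the email says?) can be automated. The script below is an added example, not code from the article: it pulls every link out of an email's HTML body and flags links whose host is not really under the claimed sender's domain, whose visible text names one address while the link goes to another, or which are not HTTPS. The allow-listed domain passed in (auspost.com.au for Australia Post) and the sample email are assumptions constructed for the example.

```python
"""Flag suspicious links in an email body (added example, not from the article).

Assumes the email is available as HTML text and that you know which
organisation it claims to come from. The sample email below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a web address, e.g. "auspost.com.au/track"
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Hostname of a URL; bare addresses like 'auspost.com.au/track' are accepted too."""
    s = url_or_text if "://" in url_or_text else "http://" + url_or_text
    return (urlparse(s).hostname or "").lower()


def is_under(host, domain):
    """True only for the domain itself or a genuine subdomain of it.
    'auspost.com.au.parcel-notice.example' is NOT under auspost.com.au."""
    return host == domain or host.endswith("." + domain)


def assess_links(html_body, claimed_domain):
    """Return [(href, [reasons])] for every link that deserves suspicion."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        if not is_under(host, claimed_domain):
            reasons.append(f"link goes to {host}, which is not part of {claimed_domain}")
        if URL_LIKE.match(text) and host_of(text) != host:
            reasons.append(f"visible text says {host_of(text)} but the link goes to {host}")
        if urlparse(href).scheme != "https":
            reasons.append("link is not https")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: one genuine link and one "parcel redelivery" lure whose
# host merely starts with the real domain name.
SAMPLE_EMAIL = """
<p>Your parcel could not be delivered.</p>
<p><a href="https://auspost.com.au/track">Track your parcel</a></p>
<p>Or arrange redelivery here:
<a href="http://auspost.com.au.parcel-notice.example/redeliver">auspost.com.au/redelivery</a></p>
"""

if __name__ == "__main__":
    for href, reasons in assess_links(SAMPLE_EMAIL, "auspost.com.au"):
        print(href)
        for r in reasons:
            print("  -", r)
```

The `is_under` check is the important one: a host that begins with `auspost.com.au` is not Australia Post unless `auspost.com.au` is its suffix, which is exactly the trick the sample lure relies on. The same logic applies to any sender you choose to allow-list.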
What Happens When You're Hit
The malware begins encrypting files immediately — often starting with documents, photos and spreadsheets before moving to system files. When finished, it displays a ransom note demanding payment (usually in Bitcoin) with a countdown timer. Files are renamed with an extension like .encrypted, .locked or a random string.
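The behaviour just described (a burst of files gaining a new extension, then a ransom note appearing) is what a simple detector can key on. The script below is an added example, not code from the article: it reads a file-activity log, counts renames that give files a ransom-style extension (the .encrypted and .locked the article names, or an unknown random-looking string) inside a sliding time window, and raises an alert when the burst crosses a threshold; a freshly created "how to decrypt" style note raises the severity. The log format and the sample log are assumptions constructed for this example; whatever file-monitoring tool you already have would supply the real events.

```python
"""Spot ransomware-style mass renaming in a file-activity log (added example,
not from the article). Assumed log format, one event per line:
    <ISO timestamp> WRITE|CREATE <path>
    <ISO timestamp> RENAME <old path> -> <new path>
Paths in the constructed sample contain no spaces."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# The article names .encrypted and .locked; ransomware also uses random strings.
RANSOM_EXTENSIONS = {".encrypted", ".locked"}
# Ordinary file types a home user has; extend this to avoid false positives.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg", ".jpeg", ".png", ".mp4", ".zip"}
# Ransom notes are typically small text/HTML files with names like these.
NOTE_NAME = re.compile(r"decrypt|restore|recover|ransom", re.I)
NOTE_TYPES = {".txt", ".html", ".hta"}


@dataclass
class Event:
    ts: datetime
    action: str
    src: str
    dst: Optional[str]


def parse_event(line: str) -> Event:
    ts, action, rest = line.strip().split(" ", 2)
    if " -> " in rest:
        src, dst = rest.split(" -> ", 1)
    else:
        src, dst = rest, None
    return Event(datetime.fromisoformat(ts), action, src, dst)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def extension(path: str) -> str:
    name = basename(path)
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def looks_like_ransom_extension(path: str) -> bool:
    ext = extension(path)
    if ext in RANSOM_EXTENSIONS:
        return True
    # An unknown extension of 5+ random-looking characters (e.g. ".a7kq2z")
    return ext not in KNOWN_EXTENSIONS and re.fullmatch(r"\.[a-z0-9]{5,}", ext) is not None


def detect(lines: List[str], window: timedelta = timedelta(seconds=60), threshold: int = 5) -> dict:
    """Alert when >= threshold files gain a ransom-style extension inside any
    `window`. A ransom note raises severity but is not enough on its own
    (a user may legitimately create a README.txt)."""
    events = [parse_event(line) for line in lines if line.strip()]
    renames = sorted(
        e.ts for e in events
        if e.action == "RENAME" and e.dst is not None
        and looks_like_ransom_extension(e.dst) and not looks_like_ransom_extension(e.src)
    )
    notes = [
        e.src for e in events
        if e.action == "CREATE" and extension(e.src) in NOTE_TYPES and NOTE_NAME.search(basename(e.src))
    ]
    # Sliding window over the sorted timestamps: size of the largest burst within `window`.
    peak, start = 0, 0
    for i, t in enumerate(renames):
        while t - renames[start] > window:
            start += 1
        peak = max(peak, i - start + 1)
    alert = peak >= threshold
    severity = "high" if alert and notes else "medium" if alert else "none"
    return {"alert": alert, "severity": severity, "peak_renames": peak, "ransom_notes": notes}


# Constructed sample: one normal edit and rename, then six files encrypted in
# a few seconds and a ransom note dropped.
SAMPLE_LOG = r"""
2024-05-01T10:00:00 WRITE C:\Users\jo\Documents\budget.xlsx
2024-05-01T10:00:02 RENAME C:\Users\jo\Documents\report_v1.docx -> C:\Users\jo\Documents\report_v2.docx
2024-05-01T10:00:05 RENAME C:\Users\jo\Documents\budget.xlsx -> C:\Users\jo\Documents\budget.xlsx.encrypted
2024-05-01T10:00:06 RENAME C:\Users\jo\Documents\tax2023.pdf -> C:\Users\jo\Documents\tax2023.pdf.encrypted
2024-05-01T10:00:06 RENAME C:\Users\jo\Pictures\beach.jpg -> C:\Users\jo\Pictures\beach.jpg.encrypted
2024-05-01T10:00:07 RENAME C:\Users\jo\Pictures\family.png -> C:\Users\jo\Pictures\family.png.encrypted
2024-05-01T10:00:08 RENAME C:\Users\jo\Documents\notes.txt -> C:\Users\jo\Documents\notes.txt.locked
2024-05-01T10:00:09 RENAME C:\Users\jo\Documents\cv.docx -> C:\Users\jo\Documents\cv.docx.a7kq2z
2024-05-01T10:00:10 CREATE C:\Users\jo\Documents\HOW_TO_DECRYPT.txt
"""

if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

The threshold and window are the tuning knobs: a user renaming a handful of files by hand never produces five ransom-style extensions in a minute, while an encryptor produces hundreds. The point of acting on the alert quickly is the one the article makes later: the sooner the machine is off the network, the fewer shared drives it reaches.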
Should You Pay the Ransom?
The Australian Cyber Security Centre advises against paying. Reasons: payment funds criminal operations, doesn't guarantee your files are restored (around 20% of payers don't receive working decryption keys), and marks you as a paying target for future attacks.
The Three Things That Actually Prevent Ransomware
1. A proper backup strategy. The 3-2-1 rule: 3 copies of your data, on 2 different media, with 1 offsite (cloud). If you have a clean backup from yesterday, ransomware is an inconvenience, not a catastrophe.
2. Don't click email attachments you didn't expect, regardless of how official the email looks. If Australia Post emails you about a parcel you're not expecting, go to their website directly — don't click the link.
3. Keep Windows and software updated. Most ransomware exploits known vulnerabilities that are already patched. Keeping updates current closes these doors.
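The 3-2-1 rule in point 1 is easy to state and easy to let slip: the USB drive stops getting plugged in, or the cloud job silently fails. The script below is an added example, not from the article: given a description of where the data lives, it checks the three counts (3 copies including the working copy, 2 kinds of media, 1 offsite) and also that every copy completed recently, because a backup from last month is not the "clean backup from yesterday" the article relies on. The `DataCopy` record, the one-day freshness limit and the sample inventory are assumptions constructed for this example.

```python
"""Check a backup inventory against the 3-2-1 rule plus freshness
(added example, not from the article). The inventory below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass
class DataCopy:
    label: str
    media: str              # e.g. "internal_ssd", "usb_hdd", "cloud"
    offsite: bool
    last_success: datetime  # when this copy was last completed and verified


def check_321(copies: List[DataCopy], now: datetime,
              max_age: timedelta = timedelta(days=1)) -> List[str]:
    """Return a list of problems; empty means the rule holds and every copy is
    recent. The live working copy counts as one of the three."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies of the data; the rule needs 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"all copies are on one kind of media ({', '.join(sorted(media))}); the rule needs 2")
    if not any(c.offsite for c in copies):
        problems.append("no offsite copy; the rule needs 1")
    for c in copies:
        age = now - c.last_success
        if age > max_age:
            problems.append(f"{c.label} last completed {age.days} days ago (limit {max_age.days})")
    return problems


# Constructed inventory: the laptop itself, an office USB drive that has not
# been run for three days, and a cloud backup from this morning.
NOW = datetime(2024, 5, 1, 9, 0)
SAMPLE_INVENTORY = [
    DataCopy("laptop (working copy)", "internal_ssd", False, NOW),
    DataCopy("USB drive in the office", "usb_hdd", False, NOW - timedelta(days=3)),
    DataCopy("cloud backup", "cloud", True, NOW - timedelta(hours=2)),
]

if __name__ == "__main__":
    for problem in check_321(SAMPLE_INVENTORY, NOW) or ["3-2-1 satisfied, all copies fresh"]:
        print("-", problem)
```

One caveat worth building into whatever you back up with: an external drive that stays plugged in is just another drive to the ransomware and gets encrypted too, so the offsite copy should keep version history rather than mirror whatever the current files look like.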
If You're Hit Right Now
Disconnect from the internet and Wi-Fi immediately (pull the Ethernet cable, turn off Wi-Fi). This limits how far the encryption spreads across network drives. Call a professional — do not restart the computer, as some ransomware variants start a final destructive wipe on reboot.