What is ransomware and how to prevent it

11 Jul 2025

Quick summary

What is ransomware? Discover the different types, how it strikes, and the impact it can have on your business.
Know what to do. Follow clear, practical steps to contain the damage, report the incident, and make a fast recovery.
Protect your business. Learn how to prevent attacks and build long-term resilience.

Ransomware is one of the fastest-growing threats in cybersecurity, targeting two out of three organisations in 2023. Half of those attacks were successful, and whether you’re running a 10-person consultancy or building a nationwide brand, you’re equally at risk.

We explain what ransomware is, cover common attacks and provide some practical steps for ransomware prevention.

What is ransomware in simple words?

Ransomware is a cyberattack that stops you accessing your data and systems, usually by locking your data. The attacker then demands money (often in cryptocurrency) to unlock it.

There are a few types – all designed to make you pay.

  • Crypto ransomware encrypts your data.

  • Locker ransomware locks your device entirely.

  • Scareware bombards you with fake warnings to make you click malicious links.

  • Double extortion threatens to leak your private data, even if you regain access.

How does ransomware work?

Ransomware often gets in through someone slipping up or a gap in the system. It then quickly disrupts everything in its path. By the time you see the ransom note, the damage is already done.

Here’s how a typical attack unfolds:

  • Access: Usually through one wrong click or download – a phishing email, malicious attachment, or outdated software.

  • Installation: It runs in the background, potentially disabling security tools or exploiting admin privileges to remain hidden. Almost all (94%) also go for your backups.

  • Encryption: Your files are locked, making them impossible to open without a unique decryption key.

  • Spreading: It jumps across shared drives, servers, and devices, causing maximum damage.

  • Demand: A ransom note appears. Your data’s locked. Pay up or lose it all.

  • Escalation: Attackers may add time limits, demand more money, or threaten to leak sensitive data.

What happens if you get ransomware?

Ransomware can bring your entire business to a standstill.

  • Work stops

Teams lose access to the tools, files and systems needed to do their jobs.

  • Customers and partners are affected

Delays, data loss and communication breakdowns can damage trust and relationships.

  • Reputation and compliance fallout

A leak or breach can lead to regulatory scrutiny, legal action, and long-term brand damage.

How can ransomware be prevented?

The best preparation against ransomware is an ‘all hands on deck’ approach that covers people, systems, and strategy, and makes you a much tougher target.

  • Back up and safely store your data

Regular, automated backups are essential. But they’re only useful if they work. Test your backups regularly, and store copies offline or in cloud services with version history, so you can recover and restore data quickly if needed.

  • Keep systems and software updated

Outdated software is a gift to attackers. Make updating part of your routine, not something you leave for ‘later’.

  • Train your team

Regular security awareness training helps your people recognise suspicious activity and act before damage is done.

  • Restrict access

Limit admin rights to only those who need them. Use strong passwords, multi-factor authentication and review permissions regularly.

  • Segment your network

Break up your network and isolate critical data to restrict ransomware moving across systems.

  • Use advanced detection tools

EDR (Endpoint Detection and Response) tools track unusual behaviour on devices like laptops and phones. IDS (Intrusion Detection Systems) keep an eye on your network and flag threats in real time.

  • Test your defences

Simulate an attack. A reputable tester can highlight weaknesses across your setup, procedures and behaviours – and help you fix them.

  • Plan for recovery, not just prevention

Good defences reduce your risk, but resilience helps you bounce back. A solid business continuity plan – fallback tools, manual processes, cloud access – keeps you going even if systems are down.

It’s also worth knowing what your insurance covers and what evidence you’ll need if you ever need to make a claim.

Remember, the faster you respond, the smaller the impact.

What to do if your business is hit by ransomware

Ransomware is designed to give you no time to think. The first rule is, don’t panic. Here’s how to take control and limit the damage:

1. Don’t pay

No matter how tempting, don’t give in. Paying doesn’t guarantee you’ll get your data back – and it often leads to more demands. In fact, 63% of businesses who paid only recovered some of their information. Additionally, 78% of businesses were attacked again and 63% were asked to pay even more.

2. Contain the damage

Your top priority is to stop the spread. Disconnect infected devices – including anything linked to shared drives or cloud services – and stop any automated syncing or backups.

3. Report it

Tell the police or your national cybercrime body. Ransomware is a criminal act, and your report could help stop others getting attacked.

4. Activate your business response plan

Alert key internal and external stakeholders, communicate clearly and honestly with customers, partners and team members, and preserve evidence for investigation.

5. Check your legal and regulatory obligations

If sensitive data is involved, you might need to notify regulators or customers. Don’t wait. Delays can lead to penalties under GDPR or other industry-specific rules.

6. Identify the ransomware

Some ransomware types have free decryptors available. Services like ID Ransomware can help analyse what you’re dealing with based on the ransom note or sample files.

7. Reset user credentials

Change passwords across affected systems – especially admin accounts, remote access tools, and third-party platforms. Do it again once the systems are clean.

8. Keep detailed records

Document everything – what was affected, when, how you responded, and who was involved. This helps with insurance claims and investigations.

9. Review what happened

Once the immediate threat is over, look at what happened and how you handled it. What worked and what didn’t? Use that insight to strengthen your future plans.

Protect your business from security risks

Ransomware isn’t the only threat out there. Spyware, phishing scams, and other cyber attacks are constantly testing your defences.

Learn how to spot and stop spyware before it causes damage, and get practical help in our guide on 10 ways to stay safe online.

Want to build team awareness? Explore ‘cybersecurity and your employees’ and the basics in ‘what is a cyber attack?’

Ransomware is a real business risk, but it doesn’t have to be inevitable. With the right protections, clear response plans, and a proactive mindset, you can build resilience and bounce back fast if something goes wrong.

Want more information about ransomware, or would you like to learn more about cybersecurity across the board? Our V-Hub Digital Advisers are here to help. You can also read the full report from Fortinet here.
