Understand how ransomware attacks work, how to prevent them, and what to do if an attack occurs.
Ransomware — What It Is and How to Avoid It
Ransomware encrypts your files and demands payment for the decryption key. It has crippled hospitals, councils, and major businesses worldwide — and it almost always starts with a single person clicking the wrong thing.
How a Ransomware Attack Unfolds
⛔ Important
Modern ransomware gangs spend days to weeks inside a network before triggering encryption. They use this time to spread to every server, delete backups, and steal data for double-extortion. By the time files are locked, the damage is already enormous.
How Ransomware Gets In
The most common delivery methods are:
- Phishing emails with malicious attachments or links (~70% of cases)
- Exposed Remote Desktop Protocol (RDP) — port 3389 open to the internet
- Unpatched vulnerabilities in internet-facing systems
- Compromised credentials from previous breaches (credential stuffing)
- Malicious downloads from compromised websites
What Happens to Your Files
Should You Pay the Ransom?
⚠ Warning
Law enforcement agencies (including the AFP and FBI) advise against paying ransoms. Payment:
– Does not guarantee you will receive a working decryption key
– Funds criminal operations and encourages future attacks
– May place you on a list of “payers” who are likely to pay again
– In some jurisdictions, paying a sanctioned group may be illegal
Your Best Defences
- Backups — maintain offline or immutable backups that ransomware cannot reach. Test them regularly.
- Patch promptly — most ransomware exploits known, patchable vulnerabilities
- Don’t open unexpected attachments — the #1 delivery method
- Disable macros — Office macros enabled by default are a major vector
- Report suspicious activity early — if you see files being renamed or unusual network activity, report it immediately. Early detection can stop the spread.
✓ Key Point
The 3-2-1 backup rule is your best ransomware insurance:
– 3 copies of your data
– 2 different media types
– 1 copy stored offsite (or in immutable cloud storage)
If your backups are connected to the network when ransomware strikes, they will be encrypted too.
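An added example (not part of the original page): a small Python check that applies the 3-2-1 rule above to a backup inventory and also flags the case where every backup is writable from the network. The `BackupCopy` fields, the finding codes and the sample inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str        # storage type, e.g. "disk", "tape", "cloud-object"
    offsite: bool     # kept away from the primary site
    immutable: bool   # write-once storage that cannot be altered or deleted
    online: bool      # writable from the production network right now
    primary: bool = False  # assumption: the live data counts as one of the 3 copies

def audit_321(copies):
    """Return finding codes; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append("FEWER_THAN_3_COPIES")
    if len({c.media for c in copies}) < 2:
        findings.append("FEWER_THAN_2_MEDIA_TYPES")
    backups = [c for c in copies if not c.primary]
    if not any(c.offsite or c.immutable for c in backups):
        findings.append("NO_OFFSITE_OR_IMMUTABLE_COPY")
    # A backup survives encryption only if ransomware cannot write to it.
    if not any(c.immutable or not c.online for c in backups):
        findings.append("EVERY_BACKUP_REACHABLE_FROM_NETWORK")
    return findings

# Constructed sample inventories (not from any real environment).
PRIMARY = BackupCopy("file-server", "disk", False, False, True, primary=True)
WEAK = [
    PRIMARY,
    BackupCopy("nas-share", "disk", offsite=False, immutable=False, online=True),
    BackupCopy("usb-left-plugged-in", "disk", offsite=False, immutable=False, online=True),
]
# Meets the 3, 2 and 1 counts, yet every backup is still writable from the network.
COUNTS_ONLY = [
    PRIMARY,
    BackupCopy("nas-share", "disk", offsite=False, immutable=False, online=True),
    BackupCopy("remote-office-sync", "cloud-object", offsite=True, immutable=False, online=True),
]
HARDENED = [
    PRIMARY,
    BackupCopy("nas-share", "disk", offsite=False, immutable=False, online=True),
    BackupCopy("cloud-object-lock", "cloud-object", offsite=True, immutable=True, online=True),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("counts-only", COUNTS_ONLY), ("hardened", HARDENED)):
        print(label, audit_321(inv) or "passes 3-2-1")
```

The `COUNTS_ONLY` inventory shows why the last sentence of the rule matters: the numbers add up, but nothing is out of reach of an attacker on the network.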
What to Do If You Suspect Ransomware
If files are renaming themselves, your computer is unusually slow, or you see a ransom note:
- Disconnect from the network immediately — unplug the ethernet cable or turn off Wi-Fi
- Do not shut down the computer — memory may contain evidence
- Call IT immediately — every second of connectivity allows further spread
- Do not pay without consulting your organisation’s incident response team
Could your business survive a ransomware attack?
Ransomware doesn’t just lock files — it can take a business offline for weeks, and it deletes any backups it can reach on the way through. Mobile Techs IT Service helps Gold Coast businesses build real ransomware resilience: 3-2-1 backup strategies with offline copies, patching and update management, MFA rollout, Office macro hardening, and a tested recovery plan — so an attack becomes an inconvenience, not a catastrophe. Home users welcome too — on-site or remote, anywhere in Australia.


