What Is Ransomware? Understanding and Preventing Attacks

Malware is an ever-present threat on the Internet as hackers attack vulnerable Internet users in order to gain access to their information, take control of their technology, or manipulate them for monetary gain. Ransomware is one type of malware that users need to be aware of. In this article, learn what ransomware attacks are, how they work, and how to prevent ransomware from damaging your data or devices.

What is ransomware?

Ransomware, as the name implies, is a form of malicious software that uses cryptography to hold a victim’s information hostage until a ransom is paid. Ransomware encrypts files, restricting victims’ access to their data or applications. Cybercriminals use the promise of decrypting those important files to demand payment, essentially holding your information at ransom in exchange for payment.

How ransomware works

Ransomware is based on a kind of cryptography called asymmetric encryption. A pair of keys generated specifically for the attack encrypts and decrypts the stolen files. The ransomware drops onto a computer or system and infects it, locating and encrypting critical files. The cybercriminal sets a deadline—typically a day or two—and the victim has to pay to decrypt the files before they’re permanently gone.

Once the victim has paid the ransom, the decryption keys to “unlock” the files are available for use. That is, assuming the hacker holds up their end of the deal and actually does release the files after payment.


Ransomware is a severe cyber threat that preys on unprotected systems. While it’s possible to regain access to files that have been stolen or encrypted through this type of malware, offense makes the best defense. Focus on ransomware prevention; protect your computer before becoming victim to an attack rather than trying to pick up the pieces after the fact.

How ransomware spreads

It can be difficult to determine where ransomware came from. Email campaigns are a common distribution method; users open emails with a broken link or download a file from a suspicious website, accidentally downloading malicious software in the process.

Unfortunately, different forms of ransomware infections have become more common in recent years thanks to the rise of things like ransomware-as-a-service (RAAS). Ransomware-as-a-service allows malware developers to sell the damaging technology they’ve created to customers who take on the brunt of the risk involved with launching an attack.

Like other forms of malware, ransomware spreads by design, so it can completely take down a corporation or computer network by freezing critical information or systems. It’s also damaging to individuals who are at risk of having their information exposed. Ransomware tends to stay on a user’s system until the hacker collects the information for ransom, but it doesn’t always disappear afterwards. Ransomware attacks are debilitating, whether the victim is just one person or a big company.

Preventing ransomware attacks

Though not always easy, preventing ransomware attacks isn’t impossible. The best way to keep your files safe is to take proactive steps. Follow these tips to prevent ransomware before it even takes root, whether you’re an individual user or part of a large network.

How to prevent ransomware attacks as an individual

All computer users should know how to prevent malware attacks on their own personal devices. Consider taking these steps:

  • Use a strong antivirus software program. Using an up-to-date antivirus protection program helps protect against all kinds of malware.
  • Prepare a data backup plan. Establish a data backup and recovery plan for all important files, information, and programs to minimize damage should an attack happen.
  • Don’t open suspicious emails or attachments. This is a popular method of malware distribution. Phishing emails employ the same strategy; the user downloads an attachment and accidentally downloads malware as well. If you can, encrypt your email, and be careful with unfamiliar emails, links, attachments, and downloads.
  • Don’t visit non-HTTPS websites. Websites without the locked padlock symbol in the address bar are potentially unsafe. Check that a site enables HTTPS before using it, and screen files before downloading them from any website.
  • Restrict users’ abilities to install and run software applications on your network. This helps prevent ransomware from spreading between devices and network traffic.

These steps help protect your computer and you against ransomware attacks. Even if you practice good online safety and don’t think you have any files worth ransoming, it’s better to be safe rather than become a victim.

How to prevent ransomware attacks on a network

The Institute for Security and Technology, in their 2022 Blueprint for Ransomware Defense, outlines an action plan that focuses on ransomware prevention through team and company structure. For larger companies that are especially vulnerable to systemic attacks, the plan outlines these steps, among others, to limit the chances of losing important business data in a company-wide attack.

  • Follow the principle of least privilege. Users should only be given privileges, or access to files, that they need to complete a task. The fewer user accounts that have access to important documents, the lesser the risk of those files being compromised in an attack.
  • Have a company-wide action plan in place before an incident occurs. This includes what to do in regards to locking accounts, backing up files, and remediation post-attack. Having a plan before anything happens will allow your company to respond most effectively after an incident.
  • Establish and maintain a data recovery process. Assign a team to work on and maintain a plan for both protecting and recovering data in case of an incident. Keep in mind that any sensitive data backups should be kept on a separate system or network; any backups on the same network also run the risk of encryption after an attack.
  • Train employees in the workforce to recognize social engineering attacks and security incidents. Network-wide attacks can stop with an individual. Train all employees and contractors on what to look for regarding potential social engineering attacks or ransomware incidents. This reduces the chances of an employee unknowingly downloading malicious software or a virus.

What to do during a ransomware attack

Unfortunately, even for the cautious, ransomware attacks can happen. If you find your information or computer system taken hostage by cybercriminals, knowing what to do—and what not to do— makes all the difference. If you are in the middle of a ransomware attack, follow these four steps.

  1. Isolate the attacked device. This especially matters if your device is part of a network or larger system, like at the office. Disconnect the infected device from the shared network and Internet as soon as possible to minimize the spread.
  2. Determine where the ransomware came from. Check the alerts for your anti-malware programs. Review your email carefully too; you may have downloaded a malicious link from an email without realizing it.
  3. Identify the type of ransomware you’re dealing with. Figuring out the exact kind of ransomware you have on your device can be difficult, but it helps when attempting to recover the information. Sites like No More Ransom help you free the data that’s being held for ransom. They also help identify the sort of malware that you’re dealing with. Identify how the ransomware you have behaves, and you’ll be able to monitor the state of your device, plus other operating systems that may be at risk for infection.
  4. File a report with the police or other authorities. If you are a victim of ransomware, you are a victim of a crime. The police may also be able to help catch the perpetrator and deliver a successful decryption of the stolen information.

Should you pay the ransom in a ransomware attack

No, you should not pay the ransomware immediately in a ransomware attack. Though it’s tempting to do so, it’s likely that even paying the ransom won’t return your encrypted files. In some cases, paying the ransom works, but it’s not the first step that a victim should take if they find they’re in the middle of an attack.

Ultimately, hackers seek vulnerabilities in victims; if they believe they do not need to return the files to obtain ransom, they won't. Instead, contact the police or law enforcement agencies to properly report the crime. They'll help figure out a way to securely return your information.

If you find you’re experiencing ransomware, it’s important that you also don’t just ignore the issue. Even if the stolen files weren’t essential to you or your business, ransomware can spread; ignoring it may only make the problem worse.

Furthermore, don’t attempt to back up other files on an infected computer or device. Backing up your files and having a secure recovery system in place is an important preventative measure. However, you don’t want to try and back up files after the ransomware attack has happened. Unfortunately, if you’re in the middle of dealing with ransomware, it’s too late to back up the file that’s been taken. You’ll only risk multiplying the ransomware or spreading it to other devices.

Frequently asked questions

Can you get rid of ransomware?

Yes, it’s possible to get rid of ransomware. Though in some cases, the ransomware deletes itself after the initial attack, it’s standard for users to need antivirus software to remove the ransomware from their device or network.

How long do ransomware attacks last?

Though there’s no set length of time for a ransomware attack, a study by IBM in 2022 found that the average ransomware attack lasted 326 days – 49 days longer than the average for previous years – and cost roughly $4.54 million.

What happens if you don’t pay ransomware?

Despite how it may seem, not paying for ransomware is your best course of action. Paying ransomware doesn’t guarantee the security of your files or information; while it’s possible that not paying could prolong the attack, it’s equally likely that paying won’t have an impact on the length of the attack either. Therefore, we recommend opting not to pay the ransom.