Antivirus & Security

Ransomware: What It Is and What to Do If You're Hit

Ransomware locks your files and demands payment to get them back. Here's a clear-headed explanation of what it is, how to avoid it, and what your options are if it happens.

Ransomware: What It Is and What to Do If You're Hit
Photo: FlyD Β· Unsplash
On this page
  1. How Ransomware Gets In
  2. Prevention Is Far Easier Than Recovery
  3. If You're Hit Right Now

Ransomware is a type of malware that encrypts your files β€” documents, photos, everything β€” and then displays a message demanding payment (usually in cryptocurrency) to unlock them. It's serious, but understanding it clearly helps you both prevent it and respond calmly if it happens.

How Ransomware Gets In

The most common routes are:

  • Opening a malicious email attachment
  • Clicking a link that downloads and runs malware
  • Installing software from an untrustworthy source
  • Leaving Windows or software unpatched with known vulnerabilities

Prevention Is Far Easier Than Recovery

Keep Windows and your software updated

Go to Settings > Windows Update regularly. Many ransomware attacks exploit vulnerabilities that were patched months earlier.

Enable Controlled Folder Access

Windows Security includes a feature specifically designed to block ransomware. Open Windows Security > Virus & threat protection > Ransomware protection and turn on Controlled folder access. This prevents unauthorised programmes from modifying files in your Documents, Pictures, and other key folders.

Back up your files

A good backup is the best recovery from ransomware. See our guide on the 3-2-1 backup method β€” it could save everything.

If You're Hit Right Now

  1. Disconnect from the internet and your network immediately. Unplug the cable, turn off Wi-Fi. This limits how much ransomware can spread.
  2. Do not pay the ransom. Payment doesn't guarantee your files back, funds criminal activity, and marks you as someone willing to pay again.
  3. Report it to your local authority: FTC (USA), Canadian Anti-Fraud Centre, or Action Fraud (UK).
  4. Check for free decryption tools. The website nomoreransom.org (run by law enforcement and security companies) offers free decryption tools for many known ransomware strains.
  5. Restore from backup if you have one. Format the drive first or have a professional check the system before restoring.
Be sceptical of "ransomware removal" services that charge large fees and promise to get your files back. Many are scams that either do nothing or simply pay the ransom themselves and pass the cost on to you.

If you're unsure whether what you're seeing is real ransomware, ask us before doing anything else β€” we can help you identify it.

Frequently asked questions

Should I ever pay the ransom?

We recommend against it. Law enforcement agencies in the US, UK and Canada all advise not paying. There is no guarantee you'll receive a working decryption key. Payment funds criminal networks and can result in you being targeted again. Explore the free tools at nomoreransom.org first, and if you have a backup, use it.

My files have weird extensions I don't recognise. Is that ransomware?

It could be. Ransomware typically changes file extensions after encrypting them (for example, your document might become 'report.docx.locked'). If files you can't open have unexpected new extensions, disconnect from the internet and don't restart your computer yet. Search for the extension name plus 'ransomware' online from another device to identify the strain, then check nomoreransom.org for a free decryption tool.

Marcus Bell

IT support veteran who breaks messy tech problems into simple, ordered steps anyone can follow.

Comments & Questions (0)

No comments yet β€” be the first to ask. Comments appear after review.

Leave a comment

Your comment appears after our team approves it. Or sign in to post faster.