Ransomware is a type of malware that encrypts your files — documents, photos, everything — and then displays a message demanding payment (usually in cryptocurrency) to unlock them. It's serious, but understanding it clearly helps you both prevent it and respond calmly if it happens.

How Ransomware Gets In

The most common routes are:

  • Opening a malicious email attachment
  • Clicking a link that downloads and runs malware
  • Installing software from an untrustworthy source
  • Leaving Windows or software unpatched with known vulnerabilities

Prevention Is Far Easier Than Recovery

Keep Windows and your software updated

Go to Settings > Windows Update regularly. Many ransomware attacks exploit vulnerabilities that were patched months earlier.

Enable Controlled Folder Access

Windows Security includes a feature specifically designed to block ransomware. Open Windows Security > Virus & threat protection > Ransomware protection and turn on Controlled folder access. This prevents unauthorised programmes from modifying files in your Documents, Pictures, and other key folders.

Back up your files

A good backup is the best recovery from ransomware. See our guide on the 3-2-1 backup method — it could save everything.

If You're Hit Right Now

  1. Disconnect from the internet and your network immediately. Unplug the cable, turn off Wi-Fi. This limits how much ransomware can spread.
  2. Do not pay the ransom. Payment doesn't guarantee your files back, funds criminal activity, and marks you as someone willing to pay again.
  3. Report it to your local authority: FTC (USA), Canadian Anti-Fraud Centre, or Action Fraud (UK).
  4. Check for free decryption tools. The website nomoreransom.org (run by law enforcement and security companies) offers free decryption tools for many known ransomware strains.
  5. Restore from backup if you have one. Format the drive first or have a professional check the system before restoring.
Be sceptical of "ransomware removal" services that charge large fees and promise to get your files back. Many are scams that either do nothing or simply pay the ransom themselves and pass the cost on to you.

If you're unsure whether what you're seeing is real ransomware, ask us before doing anything else — we can help you identify it.