Ransomware Explained: What It Is, Examples, and Prevention Strategies
Ransomware is a type of malicious software (malware) that encrypts the victim’s data or locks them out of their system, demanding payment (usually in cryptocurrency) to restore access. It has become one of the most prevalent and financially damaging cyber threats today.
What is Ransomware?
At its core, ransomware prevents users from accessing their systems or files by encrypting them and demands a ransom to restore access. Attackers typically threaten permanent data loss or public exposure if their demands aren’t met promptly.
How Does Ransomware Spread?
Common ransomware infection vectors include:
- Phishing emails: Malicious links or attachments disguised as legitimate.
- Malicious websites: Drive-by downloads without user consent.
- Remote Desktop Protocol (RDP): Exploited vulnerabilities or weak passwords.
- Software vulnerabilities: Exploiting outdated or unpatched software.
Notable Examples of Ransomware Attacks
- WannaCry (2017):
  - Affected over 200,000 computers globally.
  - Exploited Windows vulnerabilities to propagate rapidly.
  - Severely impacted hospitals, businesses, and government institutions.
- Marks & Spencer (April 2025):
  - In late April 2025, M&S was reportedly hit by Scattered Spider / DragonForce ransomware. The attack used a SIM-swapping tactic via a third-party IT provider, disrupting contactless payments, click‑and‑collect orders, and its website.
  - Revenue loss was estimated at as much as £300 million, and the attack wiped over £1 billion from its market value.
  - M&S opted not to pay and instead rebuilt systems, leading to weeks of service disruption.
- British Library (October 2023):
  - Hackers from the Rhysida group targeted the British Library, seizing about 600 GB of data and demanding a 20 BTC ransom.
  - The library refused to pay; eventually, nearly all stolen data was leaked publicly, and restoration consumed roughly £6–7 million of its reserves.
Prevention Strategies
To safeguard against ransomware attacks, consider implementing the following measures:
- Regular Data Backups:
  - Maintain frequent and offline backups, ensuring they are encrypted and isolated.
- Security Awareness Training:
  - Educate employees on recognising and handling phishing emails, malicious attachments, and suspicious websites.
- Update and Patch Management:
  - Regularly update operating systems, software, and applications to address vulnerabilities.
- Robust Endpoint Protection:
  - Use advanced antivirus and anti-malware software to detect and neutralise threats in real-time.
- Restrict Administrative Privileges:
  - Limit administrative rights to essential personnel to minimise potential points of compromise.
- Email Filtering Solutions:
  - Implement advanced filtering systems to detect and block malicious content before it reaches users.
- Implement Network Segmentation:
  - Separate sensitive systems from general user environments, reducing lateral movement by attackers.
What to Do if You’re Infected?
If a ransomware infection occurs:
- Isolate the infected device immediately.
- Inform your IT or cybersecurity team immediately.
- Do not pay the ransom immediately: Engage with law enforcement and cybersecurity experts first.
- Restore data from clean backups, if available.
Conclusion
Ransomware remains a significant threat, and its potential impact can be devastating. Prevention through robust cybersecurity measures, vigilant practices, and preparedness is crucial. Staying informed and proactive significantly reduces the risk of becoming a ransomware victim.