Ransomware: When Your Files Are Held Hostage
A single click on an infected attachment encrypts every file on your computer and your team's shared drive. Learn what ransomware is, how it spreads, and how to prevent it.
The scenario
Fatima in the accounting department receives an email that appears to be from a courier company: "Your package delivery failed. See attached shipping label for details."
She opens the attachment — a file called Shipping_Label_June2026.pdf.exe. Nothing seems to happen, so she closes it and continues working.
💣 30 Minutes Later...
A terrifying message appears on her screen:
A terrifying message appears on her screen:
⚠️ YOUR FILES HAVE BEEN ENCRYPTED ⚠️
All your documents, photos, and databases have been locked.
Pay 2.5 Bitcoin ($147,000) within 72 hours
or your files will be permanently deleted.
PAYMENT ID: RNS-7742-AQZX
All your documents, photos, and databases have been locked.
Pay 2.5 Bitcoin ($147,000) within 72 hours
or your files will be permanently deleted.
PAYMENT ID: RNS-7742-AQZX
Within an hour, the ransomware has spread through the network to the shared file server, encrypting 3 years of financial records, client contracts, and project files. The company grinds to a halt.
The Real-World Cost
| Impact | Cost |
|---|---|
| Ransom demand | $147,000 |
| Business downtime (2 weeks) | $320,000 |
| IT recovery costs | $85,000 |
| Lost clients | $200,000+ |
| Total | $752,000+ |
What to learn
🛡️ How Ransomware Spreads
- Email attachments — infected PDFs, Word docs, or disguised .exe files
- Malicious links — drive-by downloads from compromised websites
- Unpatched software — exploiting known vulnerabilities in outdated systems
- Remote Desktop Protocol (RDP) — brute-forcing weak passwords on exposed systems
✅ Your Ransomware Prevention Checklist
☑️ Never open unexpected attachments — especially .exe, .zip, or macro-enabled files
☑️ Keep software updated — install patches as soon as they're available
☑️ Back up regularly — follow the 3-2-1 rule: 3 copies, 2 different media, 1 offsite
☑️ Don't enable macros — unless you explicitly trust the source
☑️ Report suspicious emails — it only takes one click to start an attack
☑️ Never open unexpected attachments — especially .exe, .zip, or macro-enabled files
☑️ Keep software updated — install patches as soon as they're available
☑️ Back up regularly — follow the 3-2-1 rule: 3 copies, 2 different media, 1 offsite
☑️ Don't enable macros — unless you explicitly trust the source
☑️ Report suspicious emails — it only takes one click to start an attack
🚫 Should You Pay the Ransom?
Law enforcement agencies worldwide recommend NOT paying. Paying doesn't guarantee your files back — and it funds criminal operations. The FBI reports that only 65% of organizations that pay actually recover their data.
Law enforcement agencies worldwide recommend NOT paying. Paying doesn't guarantee your files back — and it funds criminal operations. The FBI reports that only 65% of organizations that pay actually recover their data.