What Is a Ransomware Attack and How Does It Work?


For you to protect the important and confidential data within your organisation, it’s important to understand how ransomware attacks work.

Ransomware is one of the most prominent and visible types of malware circulating the online world, and can result in loss of files, data, company funds, and in extreme cases bankruptcy.

As with any form of cyber attack it is important to know how ransomware can affect the files and data within your company, in order to successfully implement the right strategy to protect your information.

Therefore, in this post we will look into different types of ransomware attacks, how they work, and how to protect your organisation’s network against attackers looking to steal files, and financially exploit your company.

But first, let’s start by looking at what a ransomware attack involves.

What Is a Ransomware Attack?

A ransomware attack uses a specific malware to deny a user or organisation access to the files and data stored on their computer or device.

Cyber threat actors gain access to a network and encrypt the files within said network, before demanding a ransom is paid.

This ransom is usually a sum of money that is paid in exchange for a decryption key, or regaining access to files and data.

In most cases paying the ransom may seem like the cheapest, easiest, and fastest way to regain access to files, however this is not recommended.

Ransomware attacks can often spread across an organisation and paralyse an entire network, meaning paying ransom for one set of files doesn’t mitigate further attacks across the network.

Equally, you are dealing with criminals, so paying a ransom won’t necessarily ensure the security of your files overall.

Anyone can be a target of a ransomware attack, and it is not the information the attackers are looking for, it is an attack based around financial gain.

Therefore, it is important to be aware of the different types of ransomware attack, and how to best protect your network against them in the future.

hacker wearing a mask

Popular Types of Ransomware

There are many variations of ransomware that exist today, however there are 4 main types of attack that use slightly different methods to gain access to files and demand a ransom to be paid.

1. Locker Ransomware

Locker ransomware involves attackers blocking user access to files entirely, until a ransom is paid.

A message will pop-up with a ransom message asking for money to unlock a device.

This may contain a false message such as “this computer has been locked for viewing illegal content”, and then outline the amount to be paid.

2. Crypto Ransomware

Crypto ransomware is the most common and more widespread form of ransomware attack, and involves cyber threat actors encrypting some, or all files on a device.

Then the criminals will demand a ransom in exchange for a decryption key.

This ransomware can be spread through unsafe emails, websites and downloads, and therefore catches users out most often.

3. Double Extortion Ransomware

Double extortion ransomware, similarly to crypto ransomware, encrypts files, and exports data in order to blackmail victims.

However, this form of attack has an extra layer of threat, as attackers will often additionally threaten to publish the data they have found if the sufficient ransom is not paid.

Therefore, even if an organisation has backup versions of their data, the attacker still holds the power as they can easily share the information they have accessed for others to view.

4. Raas

Finally, we have Ransomware as a Service, or Raas, which involves attackers renting access to a specific strain of ransomware from an author or creator.

This is like a pay for use subscription service, and once users have purchased the use of the ransomware, they can conduct an attack as they wish, encrypting files and demanding a sum of money.

Once the attacker receives the ransom, a portion of the money is paid to the creator of the strain, based on pre-agreed terms.

How Ransomware Works

Despite there being a variety of different ways to attack a network or even a singular device, most ransomware attacks follow the same pattern.

Ransomware attacks are fairly simple in that they consist of 3 main steps:

  • Access
  • Activation
  • Ransom Demand

As long as an attacker has the means and software to encrypt data or block users from files, they can follow the next steps in order to receive the payment they are looking for.


Firstly, attackers gain access to your network and take control.

A high percentage of these attacks occur through Phishing, meaning malicious emails are sent to victims and malware is mistakenly downloaded through email attachments or links.

This is how hackers penetrate into a network.

Once they are in, criminals can encrypt your data using specific software and they may also make a copy of your data to use as further blackmail.


At this stage, the cyber attackers will activate the encryption software to ensure devices are locked and data is inaccessible to all users within the organisation network.

Ransom Demand

Finally, the victim will receive a notification from the attacker asking for money, as well explaining the ransom, for example how to make a payment to regain access as soon as possible.

If you are a victim of a ransomware attack, it is essential to look over your cyber security architecture that is in place and find the gaps.

It’s important to understand how attackers have penetrated your network, and gained access to your systems, so you can be better prepared when future attacks occur.

This can be done by using vulnerability scanning tools, and implementing changes into your cyber security strategy in order to prevent future attacks.

laptop book and phone with chain and padlock

How to Protect Your Network Against Ransomware

If you fall victim to a ransomware attack there are some processes you can put in place to avoid further attacks in the future.

Ultimately, it is not advised by the National Cyber Security Centre that you pay for the ransom you are asked for, as it is not guaranteed you will regain access to your files.

Additionally, paying a ransom is endorsing the work of criminals, and your computer may remain infected and attackers may still possess your files and data.

Instead, it is important that after an attack has occured you and your organisation take steps to protect important and confidential data in the event of any future attacks.

Backup Your Data

Backing up your data should be a process included within your company’s cyber security strategy as although it won’t prevent risks, it can help to ensure the protection of your data.

It is essential to ensure that you have external copies of your data outside of company devices and systems, such as on external harddrives or in the cloud.

Then, in the event of an attack, you will be able to wipe your computer or device of all information, knowing you have a back-up copy.

This protects your data and there often won’t be a need to provide a ransom to the attacker, however if the attack is one of Double Extortion, attackers may still threaten to publish the data they have accessed and stolen.

Hence why this measure will help to mitigate risks, but when used alone it won’t prevent all types of ransomware attack.

Surf the Internet Cautiously

This step applies to any malware or cyber security attack, as being cautious on the internet will help to keep your data safe more generally, but this process still applies to ransomware attacks.

Don’t be afraid to use the internet, but it is important to stay alert and be careful particularly when using unfamiliar websites or software.

More specifically, your company can stay vigilant by downloading applications and software from trusted sources and app stores, and avoiding any messages or emails that look suspicious or are from an unknown sender.

Often attackers use these as pathways into organisations, so be sure to check links, email addresses and website URLs before clicking on anything.

Provide Security Awareness Training

The people within your organisation should be made aware of the risks that may threaten your company data.

Therefore, hosting or providing regular training sessions and workshops on cyber security for your team can act as another step in mitigating risks.

This training helps to ensure your teams know what to look out for and what to avoid when working online.

As well as providing necessary information, it can be useful to conduct drills or use Cyber War Games to prepare your company by using real life situations to test their preparation and response skills.

Install Antivirus Software

Similar to being cautious on the internet, it is important to be prepared for any type of cyber attacks, from Phishing, to Ransomware, to all types of hackers and hacking.

This can be done by installing antivirus software that will detect malicious programmes and software as they arrive into your network.

Having this type of software installed gives you that extra bit of time to prevent attacks, as unauthorised entries can be detected and stopped before they cause any damage.

What is a Ransomware Attack and How Does It Work?

Ransomware attacks can put your company data at risk, and in some cases be the cause of financial issues within an organisation.

By failing to prepare your team and your organisation to fend off attacks such as these, you are at risk of losing company data, as well as company funds.

Therefore, it is vital to provide training for your team, create a secure network based on a solid security strategy, and backup important and confidential information externally.

As with most cyber security attacks, threats of ransomware can be detrimental to your organisation’s security, as gaps in your network may be targeted again, further down the line.

At TLR we have resources and services that are specific in helping your organisation to be better prepared for cyber attacks. We can provide training for your teams with our Cyber War Games and conduct Vulnerability Scanning within your network to help fix any gaps and prevent future penetration.

To find out more about our services, or how we can help you prevent cyber attacks, get in touch with our team.

Become cyber resilient

Get in touch today to see how we can make you more cyber resilient. Empowering you to lead from the front.

Written by

Dave Roberts