I’ve seen enough nonsense online this week that I decided it was time to demystify one of the biggest boogeymen in cybersecurity: ransomware.
Ooooh, the scary ransomware attacks.
Ooooh, your data got stolen.
Ooooh, the hospital had to shut down.
Ooooh, your bank got hit.
Enough already.
So… What is a ransomware attack?
Ransomware is malware that gets into a system, usually via phishing, encrypts critical files, and then demands money to unlock them. Sometimes the threat includes leaking sensitive data, especially with attackers who lean into public shame as a tactic, which (moral judgment alert) is a particularly low move.
There’s some fascinating research out there on how these attacks are built, and I have real respect for the folks who study and stop them.
But here’s what gets lost in the headlines:
Most ransomware today isn’t targeting individuals. It’s going after entire industries.
Attackers find a vulnerability in a widely used piece of software, something specific to hospitals, or school systems, or logistics providers, and mine it for as long as they can. Once that gold rush dries up, they move on to the next soft target.
For organizations: bigger systems, bigger stakes
If ransomware seems like it only happens to “the big guys,” that’s because, these days, it mostly does.
And yet, these companies still get wrecked. Why?
Because recovery is hard. Even when you have backups, restoring everything takes time and money. That’s why enterprise-level backup systems are all about minimizing downtime. The faster a company can get back online, the less power the ransomware has.
But you don’t need corporate infrastructure to protect yourself. You just need a plan.
Your best defense: backups
Unless you’re storing blackmail-worthy material on your devices (pro tip: don’t), your best protection is simply having, and testing, backups.
Yes. It really is that simple.
Here’s what I do:
I back up my phone weekly (realistically, I’m more likely to lose it than get hacked, but hey, two birds, one stone.)
I back up my laptop monthly. If my laptop got stolen today, I could brick it remotely and reinstall everything on a new one tomorrow.
Tah-dah! Ransomware avoided.
If you're the type of person who runs out of gas, set a recurring calendar reminder. If you're the type who always keeps the tank above half — surprise! You still need a calendar reminder. Everyone forgets.
Back up how-tos:
TL;DR
Ransomware isn’t some chaotic cyber plague. It’s an opportunistic business model, and it thrives on bad planning.
Backups — boring, dependable, unglamorous backups — are what make it irrelevant.
And, like most cybersecurity: It’s not magic. It’s maintenance.
What else is brewing…
Join us for tea!
CybersecuriTea is a free, plain-English guide to digital safety, designed for families, friends, and the folks you love. Subscribe today and get weekly tips to help keep your digital life secure.
Or, if you’d like to support our work and keep the kettle warm for everyone:
Issue # 8
This content may contain affiliate links. If you choose to sign up or make a purchase through them, we may earn a small commission, at no additional cost to you. Thank you for supporting CybersecuriTea.
