
What Is Ransomware and How Does Phishing Deliver It?


Imagine arriving at work one morning, opening your computer, and finding that every single file — invoices, client records, financial data, years of work — is locked with a message demanding thousands of dollars to get them back.

This is ransomware. And it typically starts with a phishing email.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts the files on your computer or network. Once encrypted, you can't access them — until you pay a ransom (usually in cryptocurrency) to receive the decryption key.

In recent years, ransomware has evolved. Criminals now also steal the data before encrypting it and threaten to publish it if you don't pay — so there are two incentives to comply.

The phishing connection:

The vast majority of ransomware infections begin with a phishing email. Specifically:

  1. Malicious attachments: A phishing email contains an attachment, often disguised as an invoice, a document, or a photo. When you open it, the ransomware is installed silently.
  2. Malicious links: A phishing email contains a link to a website that auto-installs ransomware when you visit it (a "drive-by download"), or tricks you into downloading a file.
  3. Credential theft leading to ransomware: A phishing attack steals your login credentials, which a criminal then uses to access your business systems and deploy ransomware manually.

The impact on Australian SMBs:

Ransomware attacks have shut down Australian medical practices, law firms, accounting practices, and retail businesses. Recovery can take weeks and cost tens of thousands of dollars — even if you pay the ransom (which doesn't guarantee recovery and funds further criminal activity).

How to protect yourself:

  1. Regular, offline backups. If your data is backed up to a system that isn't connected to your network (offline or air-gapped), ransomware can't reach it. This is the single most important protection.
  2. Don't open unexpected attachments. Be especially wary of .zip, .exe, .docx with macros enabled, and .pdf files from unknown senders.
  3. Keep software updated. Many ransomware attacks exploit known vulnerabilities in outdated software. Updates patch these.
  4. Use email filtering. A good email security tool can block many malicious attachments before they reach your inbox.
  5. Train your staff. The human firewall is your first line of defence. A staff member who spots the phishing email and reports it instead of opening the attachment has potentially saved your business.
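To make points 2 and 4 concrete, here is an added example (not Phishbate's tooling, and not code from the original article) of the kind of attachment rule an email filter applies before a message reaches an inbox. It parses a constructed message with Python's standard `email` library and flags attachments by file type: executables and scripts, archives, macro-enabled Office documents, and the "double extension" trick where a file named like a PDF is really a program. The extension lists, the quarantine rule and the sample message are assumptions chosen for illustration.

```python
"""Attachment-policy check for incoming mail (added example, assumed policy)."""
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed filtering policy: extensions a typical email security tool quarantines.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".iso"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
# Document types a double-extension file pretends to be ("report.pdf.exe").
LOOKALIKE_DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def classify_filename(filename: str) -> list[str]:
    """Return the reasons an attachment name is flagged; an empty list means allowed."""
    reasons = []
    name = filename.lower().strip()
    base, ext = os.path.splitext(name)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"executable or script type {ext}")
    if ext in ARCHIVE_EXTENSIONS:
        reasons.append(f"archive {ext} (contents not inspected)")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled Office document {ext}")
    # "invoice.pdf.exe" shows as "invoice.pdf" on systems that hide known extensions.
    inner_ext = os.path.splitext(base)[1]
    if inner_ext in LOOKALIKE_DOC_EXTENSIONS:
        reasons.append(f"double extension {inner_ext}{ext}")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw email and map each attachment filename to its flag reasons."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        findings[filename] = classify_filename(filename)
    return findings


def should_quarantine(findings: dict[str, list[str]]) -> bool:
    """Assumed rule: hold the whole message if any attachment was flagged."""
    return any(reasons for reasons in findings.values())


def build_sample_message() -> bytes:
    """Constructed phishing-style message with three attachments; not a real sample."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please see the attached invoice and remit payment today.")
    # Payloads are placeholder bytes; only the filenames matter to this check.
    msg.add_attachment(b"MZ-placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice_4471.pdf.exe")
    msg.add_attachment(b"PK-placeholder", maintype="application",
                       subtype="zip", filename="statement.zip")
    msg.add_attachment(b"%PDF-placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return bytes(msg)


if __name__ == "__main__":
    results = scan_message(build_sample_message())
    for fname, reasons in results.items():
        print(f"{fname}: {'ALLOW' if not reasons else 'FLAG ' + '; '.join(reasons)}")
    print("quarantine message:", should_quarantine(results))
```

A check like this is deliberately coarse: it looks only at names, so a real filter also inspects archive contents and file signatures, and it cannot catch a plain link in the body (the second delivery method above), which is why the other items on the list still matter.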

If you're hit by ransomware:

  • Disconnect from the network immediately
  • Don't pay the ransom (it funds crime and doesn't guarantee recovery)
  • Contact the Australian Cyber Security Centre (ACSC) at cyber.gov.au/report
  • Contact your IT provider or a cybersecurity incident response firm
  • Restore from backups if available
