1300 002 001
Follow Us  —Fb. /Lk. /X. /Ig.

Glossary

Ransomware

Malware that encrypts data and demands payment for the decryption key — increasingly paired with data extortion, where stolen data is threatened with publication.

Ransomware is the malware family that encrypts an organisation’s data and demands payment in cryptocurrency for the decryption key. It’s the attack type most likely to put a small business out of operation for weeks.

How ransomware has evolved

The 2025 picture is different from the 2020 picture in two important ways:

  • Data extortion has overtaken encryption as the primary leverage. Attackers exfiltrate sensitive data first, then encrypt — and threaten to publish or sell the data if payment isn’t made, regardless of whether the victim can restore from backup.
  • Refusal to pay has become the norm. Per the IBM Cost of a Data Breach Report 2025, 63% of ransomware victims refused to pay the ransom. The shift reflects better backup discipline, law-enforcement pressure, and the reality that paying doesn’t reliably stop data leaks.

The recovery question is the strategic one

Technical defences matter — and they’re below — but the question that decides whether an organisation can refuse to pay is whether it can restore quickly from a backup the attacker couldn’t touch. Rehearsed restores from immutable backups plus a documented incident-response plan are what convert “we have backups” into “we can decide not to pay.”

Layered defences

  • Immutable, off-site backups with periodic restore drills.
  • EDR with behavioural detection to catch encryption activity early.
  • Network segmentation to limit lateral movement.
  • MFA on every account, phishing-resistant for privileged roles.
  • Rehearsed incident response with an external IR retainer where the in-house team is small.

Symsafe delivers the cybersecurity and backup-and-DR sides of this as a paired engagement — the controls and the recovery work together.

— Related services

← Back to glossary