The cyber threat landscape is rapidly evolving. It is becoming increasingly sophisticated, impacting individuals and businesses alike. To help you stay one step ahead of cybercriminals, we’re exploring a different aspect of cybersecurity each month in 2025 as part of our bitesize series.
So far, we have tackled many prominent issues surrounding cybersecurity, including:
This month’s focus is on how to recognise ransomware before it’s too late.
Did you know that 1% of all businesses in the UK experienced a ransomware crime in the last 12 months? This has doubled from 2024.
In today’s digital world, ransomware is one of the most dangerous and costly cyber threats. It can lock you out of your files, disrupt your business, and demand a hefty ransom to restore access. But what if you could spot the signs before the damage is done?
In this guide, we’ll explain what ransomware is, how to recognise it early, and provide you with a step-by-step guide to help you stay one step ahead of cybercriminals.
Ransomware is a type of malicious software, also known as malware, that encrypts your files or locks you out of your system. Once infected, you’ll typically receive a message demanding payment, often in cryptocurrency, in exchange for a decryption key.
There are several types of ransomware, including:
Ransomware attacks can take place on any device, whether that is a mobile phone, tablet or computer. Typically, ransomware gains access to a user’s device via phishing attacks.
By recognising early indicators, you can significantly reduce the risk of infection and contain threats before they escalate. Recognising ransomware promptly can be the difference between a minor inconvenience and a full-blown crisis.
If you notice any of the signs below, act quickly, as time is critical.
During a ransomware attack, the system can be overloaded by the malware, which leaves less capacity for legitimate programs to run. Watch for sudden slowdowns, frequent crashes, or unresponsive applications. These can be early signs of malicious activity.
Open Task Manager (Windows) or Activity Monitor (Mac) and look for unfamiliar or resource-heavy processes. Malware often tries to disguise itself with random names.
You may find that you can’t open documents, images or folders that were previously usable. You may still be able to see the files, but you won’t be able to open or use them.
Ransomware commonly targets and corrupts files and data. Inspect your files for strange extensions. If you see something like .locked, .enc, or .crypt, it’s a red flag.
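The extension check above can be run across a whole folder tree rather than by eye. The Python script below is an added example, not part of the original article: it flags files with the extensions named above and, going one step beyond the article, samples each file to see whether its content looks random, as encrypted data does. The function names, the 4,096-byte sample size and the 7.5 bits-per-byte threshold are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article names as red flags; extend for your environment.
SUSPECT_EXTENSIONS = (".locked", ".enc", ".crypt")
SAMPLE_BYTES = 4096       # assumption: bytes sampled from the start of each file
ENTROPY_THRESHOLD = 7.5   # assumption: bits/byte above which data looks random


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    size = len(data)
    return -sum((n / size) * math.log2(n / size) for n in Counter(data).values())


def scan(root):
    """List files under root with a suspect extension, with an entropy verdict."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in SUSPECT_EXTENSIONS:
                continue
            try:
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                entropy = None  # locked or unreadable: still worth reporting
            encrypted = entropy is not None and entropy > ENTROPY_THRESHOLD
            findings.append({"path": str(path), "looks_encrypted": encrypted})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    # Scan a constructed folder (sample data made up for this example).
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        (docs / "budget.xlsx.locked").write_bytes(os.urandom(SAMPLE_BYTES))
        (docs / "notes.enc").write_text("plain text with an odd name\n" * 50)
        (docs / "report.docx").write_bytes(b"untouched file")
        return [(Path(f["path"]).name, f["looks_encrypted"]) for f in scan(tmp)]

if __name__ == "__main__":
    print(demo())
```

A file flagged by name but with low entropy, like the constructed notes.enc, may simply be an unusually named file; several high-entropy hits in one folder are the pattern to act on.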
Look for text files or suspicious pop-ups with unexpected warnings, fake updates or ransom demands. These often appear on your desktop or in folders with encrypted files.
Check your antivirus and firewall logs for recent alerts or blocked activity. If your security software is turned off without your input, these logs can reveal it and help show attempted intrusions or malware behaviour.
If you have high outbound traffic to unknown IP addresses or domains, you should use a network monitoring tool to investigate. This could indicate data exfiltration or communication with a command-and-control server.
If you are being redirected to strange websites when you try to visit legitimate ones, this could be an indication that a malicious browser extension has been installed.
If you notice new apps running in the background, for example software removal applications, this could mean bad news. Take a look at your Task Manager or Activity Monitor to check that nothing suspicious is silently happening behind the scenes.
Run a full system scan using updated anti-malware software. Tools like Malwarebytes, Bitdefender, or Windows Defender can help detect and quarantine threats.
Quick action can limit the damage and help with recovery. If you think your system is infected, follow these steps:
The first thing you should do if you think your system is infected is disconnect from the internet to prevent the spread. Whether the connection is wired, wireless or mobile-phone based, disconnect all devices from all network connections immediately to prevent the infected device from corrupting others.
If you’re being particularly cautious, consider turning off your Wi-Fi at the switch to limit the damage it can cause.
If in doubt, update any login details to ensure none of your personal data is compromised. Bear in mind that when you’re completing this step, you need to be careful not to lock yourself out of any systems that you may need for recovering the device.
If this is a business device, make sure to contact IT or your cybersecurity team to get support and advice on what to do next. This step will also allow them to implement measures to prevent anyone else falling victim to the same scam.
On a similar train of thought, you should report the incident to the local authorities and any applicable cybercrime units. For example, in the UK, you should report any cybercrime to Action Fraud.
If you have completed steps 3 and 4, you may have been given some guidance on how to safely remove the ransomware from your device.
Once you are sure the device is free from malware, you can restore your back-ups if you have any. Just make sure that both the device you are plugging in and the one you are plugging it into are clean.
It is not recommended that you pay the ransom. Law enforcement and cybersecurity experts strongly discourage doing so for many reasons:
If you’ve already paid the ransom, contact your bank and Action Fraud immediately. Depending on how promptly you do so, they may be able to block the transaction.
Ransomware is a serious threat, but with the right knowledge and tools, you can detect it before it causes irreversible damage. By following the checklist above and staying alert to early warning signs, you’ll be better prepared to protect your data and your business.
Prevention is always better than cure. Here are a few top tips to remember:
When it comes to cybercrime, many SMEs don’t have sufficient cyber insurance. But the reality is, the risk of cybercrime to your business far outweighs many other risks that you would cover for without a second thought. It’s time to get real about cybersecurity.
To find out more about cyber insurance, give us a call on 0330 029 5626 or visit our dedicated cyber insurance page.
Marc Rocker, Head of Cyber, has been with Towergate for over 15 years, advising commercial clients of all sizes on their business insurance needs.
As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.
[1] GOV.UK, Cyber security breaches survey 2025, cyber crime.
Date: September 05, 2025
Category: Cyber