What ICE’s new safety action plan means for the construction industry

The cyber threat landscape is rapidly evolving. It is becoming increasingly sophisticated, impacting individuals and businesses alike. To help you stay one step ahead of cybercriminals, we’re exploring a different aspect of cybersecurity each month in 2025 as part of our bitesize series.

Did you know that 1% of all businesses in the UK experienced a ransomware crime in the last 12 months? This has doubled from 2024.

In today’s digital world, ransomware is one of the most dangerous and costly cyber threats. It can lock you out of your files, disrupt your business, and demand a hefty ransom to restore access. But what if you could spot the signs before the damage is done?

In this guide, we’ll explain what ransomware is, how to recognise it early, and provide you with a step-by-step guide to help you stay one step ahead of cybercriminals.

Ransomware is a type of malicious software, also known as malware, that encrypts your files or locks you out of your system. Once infected, you’ll typically receive a message demanding payment, often in cryptocurrency, in exchange for a decryption key.

There are several types of ransomware, including:

• Crypto ransomware - Encrypts files and demands payment for the decryption key.

• Locker ransomware - Locks you out of your device entirely, before displaying a ransom note.

• Scareware - Pretends to be legitimate software and scares users into paying for fake fixes.

• Extortionware - Taps into the fear of reputational damage, by threatening to publicly expose your data unless users pay the ransom.

Ransomware attacks can take place on any device, whether that is a mobile phone, tablet or computer. Typically, ransomware gains access to a user’s device via phishing attacks.

By recognising early indicators, you can significantly reduce the risk of infection and contain threats before they escalate. Recognising ransomware promptly can be the difference between a minor inconvenience and a full-blown crisis.

If you notice any of these signs below, act quickly, as time is critical.

Sign 1 - Sluggish system performance

During a ransomware attack, the system can be overloaded by the malware, which leaves less capacity for legitimate programs to run. Watch for sudden slowdowns, frequent crashes, or unresponsive applications. These can be early signs of malicious activity.

Open Task Manager (Windows) or Activity Monitor (Mac) and look for unfamiliar or resource-heavy processes. Malware often tries to disguise itself with random names.

Sign 2 - Locked or inaccessible files

If you can’t open documents, images or folders that were previously usable. You may still be able to see the files, but you won’t be able to open or use them.

Sign 3 - Unusual file extensions

Ransomware attacks are prone to targeting and corrupting files and data. Inspect your files for strange extensions. If you see something like .locked, .enc, or .crypt, it’s a red flag.

Sign 4 – Malicious pop-ups or ransom notes

Look for text files or suspicious pop-ups with unexpected warnings, fake updates or ransom demands. These often appear on your desktop or in folders with encrypted files.

Sign 5 - Disabled antivirus or firewall

Check your antivirus and firewall logs for recent alerts or blocked activity. If your security software is turned off without your input, these logs can reveal it and help show attempted intrusions or malware behaviour.

Sign 6 - Unusual network activity

If you have high outbound traffic to unknown IP addresses or domains, you should use a network monitoring tool to investigate. This could indicate data exfiltration or communication with a command-and-control server.

Sign 7 - Unexpected redirects

If you are being redirected to strange websites when you try to visit legitimate websites. This could be an indication that a malicious browser extension has been installed.

Sign 8 - Unfamiliar software running

If you notice new apps are running in the background. For example, software removal applications, this could mean bad news. Take a look at your Task Manager or Activity Monitor to check that nothing suspicious is silently happening behind the scenes.

Sign 9 – Invest in threat detection tools

Run a full system scan using updated anti-malware software. Tools like Malwarebytes, Bitdefender, or Windows Defender can help detect and quarantine threats.

It is not recommended that you pay the ransom. Law enforcement and cybersecurity experts strongly discourage doing so for many reasons:

1. There is no guarantee that you will be given access to your files or device again,

2. It may mean you’re more likely to be targeted in future,

3. You are then funding criminal activity.

If you’ve already paid the ransom, contact your bank and Action Fraud immediately. Depending on how promptly you do so they may be able to block the transaction.

Ransomware is a serious threat, but with the right knowledge and tools, you can detect it before it causes irreversible damage. By following the checklist above and staying alert to early warning signs, you’ll be better prepared to protect your data and your business.

Prevention is always better than cure. Here are a few top tips to remember:

• Regularly back up your files

• Keep your software up to date

• Train your team on phishing awareness and encourage them to be proactive