skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Find ANZ Support Centre
Find ANZ Contact
Article related to:

Types of scams

Ransomware: How attacks work and how to protect yourself

ANZ Security specialist

2026-06-11 04:30

Estimated reading time
 min

Key points

  • Ransomware is a type of malicious software that can lock your files and demand payment to restore access.
  • Simple steps can help protect you, like avoiding suspicious links and using antivirus software.
  • Warning signs include unusual file changes or messages asking for payment on your device.

Ransomware attacks don’t always start with something obvious - they can begin with a single click on a suspicious link, quickly leading to locked files and loss of control over your information.

Understanding how ransomware works can help you stay in control. With the right awareness and simple precautions, you can better protect your devices, safeguard your data, and stay one step ahead of evolving cyber threats.

 

What is ransomware?

Ransomware is malicious software (malware) that can lock your files or block access to your device by encrypting your data or restricting access to your system.

After an attack, you may see a pop-up message demanding payment, this may appear with a countdown and instructions to pay to “unlock” your device.

Even if you pay, there’s no guarantee you’ll regain access or that your data won’t be shared. Ransomware is a serious cyber security threat and paying a ransom is not recommended by the Australian Signals Directorate.

 

How can ransomware infect your device?

Ransomware can enter your device or network in several ways, often through everyday actions that seem harmless.

  • Suspicious links or attachments in emails, texts, or social media messages

  • Malicious websites that trigger downloads without you realising

  • Untrusted apps downloaded outside official app stores

  • Infected USB devices plugged into your computer

  • Compromised online sessions, where attackers gain access while you’re logged in

 

How can ransomware affect you?

  • As ransomware locks up your files and disrupts access to your device, restoring your devices and data may take some time.

  • If you don’t have backed-up data, it might be a challenge to recover your files.

  • For business owners, a ransomware attack might disrupt your daily operations and hurt your reputation.

  • Cybercriminals can also use ransomware to steal personal or business information and pressure you into paying to regain control.

Case study

Australian Signals Directorate (ASD)

At a small design firm, an employee noticed something unusual on her device - a file had changed and could no longer be opened. After reporting it, it was discovered that other files were being encrypted in real time.

Soon after, a “Read me” file appeared with a ransom demand in cryptocurrency to restore access. The team immediately ran security checks and contacted the Australian Cyber Security Centre hotline for support. Because they had followed best practices - keeping regular backups across cloud and external storage, they were able to recover their data without paying the ransom.


How to protect yourself from ransomware

  • Be cautious online: Avoid clicking links or downloading files from unexpected emails or messages - especially if there’s pressure to act quickly.

  • Update your devices: Install updates regularly or turn on automatic updates to fix security gaps.

  • Use antivirus software: Helps detect, prevent, and remove malware.

  • Back up your data regularly: Save copies of important files to the cloud or an external device so you can recover them if needed.

  • Enable multi-factor authentication (MFA): Adds an extra layer of protection to your accounts.

  • Limit access and permissions: Only allow necessary access to apps, data, and device settings.
     
  • Restrict software installation (for businesses): Ensure employees can only install approved applications.

  • Disable macros in attachments: Helps reduce the risk of malicious files spreading ransomware.

 

Signs of a ransomware attack

If your device is under a ransomware attack, you may notice several alarming signs:

  • Anti-virus and backup systems disabled. Your antivirus software or backup solution may be removed or turned off before your files are encrypted.

  • Important files are locked or inaccessible. Personal documents, photos, and other critical files may suddenly become locked. You won’t be able to open, edit, or move them.

  • File extensions have changed. Many of your files might have unfamiliar extensions. For example, a Word document normally ends in .docx, but ransomware may rename it to something like .zzz or .encrypted.

  • You receive a ransom note. A message may appear demanding payment to unlock your files or prevent your data from being leaked or sold. This is a scare tactic used by cybercriminals to pressure victims into paying.

 

What to do if you encounter a ransomware attack

The ASD’s ACSC recommends taking the following steps:

  1. Record key details: Take note of any messages, file changes, or ransom demands.

  2. Turn off the affected device: Shut down the infected device to limit further damage.

  3. Disconnect other devices: Unplug or disconnect devices from the network to help prevent the spread.

  4. Change important passwords: Update passwords for key accounts, especially if they may be affected.

Learn more about how to report, respond to and recover from ransomware attacks on the ASD’s ACSC website.


Where to report fraud, scams and cybercrimes

If you suspect fraud on your account or have shared financial information or transferred money as a result of a scam, please contact your bank. If you bank with ANZ, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams and other cybercrimes to the Australian Cyber Security Centre’s ReportCyber and the Australian Government’s Scamwatch.

For additional support with identity or cyber security concerns, you can reach out to IDCare, a not-for-profit organisation offering expert support and frontline insights into scams, identity theft and cybercrime.

 

 

anzcomau:content-hubs/security/scams,anzcomau:content-hubs/security/delivery-methods-for-scams-and-fraud
Ransomware: How attacks work and how to protect yourself
ANZ
Security specialist
2026-06-11
/content/dam/anzcomau/images/security-hub/types-of-scams/what-is-ransomware-banner-1200x800.jpg

Stay cyber-smart on all devices

We want all Australians to feel confident and safe when using their devices. With handy tips and tricks that are simple to follow, the ANZ Security Hub is your one-stop shop for protecting yourself and your devices from cybercriminals.

Take me there

 

The information set out above is general in nature and has been prepared without taking into account your objectives, financial situation or needs. Before acting on the information, you should consider whether the information is appropriate for you having regard to your objectives, financial situation and needs. By providing this information ANZ does not intend to provide any financial advice or other advice or recommendations. You should seek independent financial, legal, tax and other relevant advice having regard to your particular circumstances.

Top