July 2026 · 6 min read · Cybersecurity

What Happens If Your Business Gets Ransomware?


Most Melbourne business owners assume ransomware is something that happens to other companies - the big ones, the ones with data worth stealing. The reality is different. Small and medium businesses are the primary target of ransomware attacks in Australia, precisely because they're less likely to have professional defences in place.

This guide walks you through what actually happens during an attack, what it costs, how it spreads, and - most importantly - the five things you can do this week to become a harder target.

What Actually Happens During a Ransomware Attack

It doesn't start with a shadowy figure in a hoodie hammering away at a keyboard. It starts with something mundane:

  1. An email arrives. It looks like an invoice from a supplier you know, or a shared document from a colleague. The branding is right. The tone is right. Someone clicks the attachment or the link.
  2. Nothing visible happens - at first. The malware installs silently. It starts encrypting files in the background: documents, spreadsheets, databases, accounting records. It moves laterally across your network, jumping from one device to another via shared drives and unprotected connections.
  3. The encryption completes. This can take hours or days, depending on how much data you have. Then every file on every accessible device gets a new extension - .lockbit, .crypt, .encrypted - and stops opening.
  4. The ransom note appears. A text file on every desktop, often with a countdown timer: "Your files are encrypted. Pay X Bitcoin within 72 hours or the key is destroyed." There's usually a "customer support" chat portal - the ransomware industry runs like a business.
  5. You make a decision. Pay, or don't pay. Both options are bad.

The Australian Cyber Security Centre advises against paying ransoms. There is no guarantee you'll get your data back, and paying funds further criminal activity. But for a business with no tested backups, that advice is cold comfort.
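The two signs step 2 and step 3 describe are the ones a defender can look for on a file share before the ransom note appears: files suddenly carrying an extension such as .lockbit, .crypt or .encrypted, and files whose contents have turned into random-looking bytes while keeping a normal document extension (encrypted in place). Below is an added example of that check, written for this article and not part of the original; it is a plain Python scan over a directory with constructed sample files, and the extension list and the entropy threshold are assumptions, not values from any product. Compressed formats (ZIP, JPEG, Office files) look random even when healthy, so they are skipped rather than flagged.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article names as typical post-encryption renames; real families use many more
SUSPICIOUS_EXTENSIONS = {".lockbit", ".crypt", ".encrypted"}
# Formats that are compressed by design and so look "random" even when healthy (assumed list)
HIGH_ENTROPY_BY_DESIGN = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf", ".docx", ".xlsx"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; 8.0 is the maximum, plain documents sit around 4-5
SAMPLE_BYTES = 65536      # only the first 64 KiB of each file is read
MIN_SAMPLE = 256          # entropy of very small files is not meaningful

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root: str) -> dict:
    """Walk `root` and return two sorted lists: files carrying a known ransomware
    extension, and files whose content looks encrypted although the extension
    says it should be a document (encrypted in place, no rename)."""
    renamed, high_entropy = [], []
    total = 0
    base = Path(root)
    for path in base.rglob("*"):
        if not path.is_file():
            continue
        total += 1
        rel = path.relative_to(base).as_posix()
        ext = path.suffix.lower()
        if ext in SUSPICIOUS_EXTENSIONS:
            renamed.append(rel)
            continue
        if ext in HIGH_ENTROPY_BY_DESIGN:
            continue
        with open(path, "rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
        if len(sample) >= MIN_SAMPLE and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            high_entropy.append(rel)
    return {"total": total, "renamed": sorted(renamed), "high_entropy": sorted(high_entropy)}

def should_alert(findings: dict, ratio: float = 0.10) -> bool:
    """Alert on any renamed file, or when more than `ratio` of scanned files look encrypted."""
    if findings["renamed"]:
        return True
    if findings["total"] == 0:
        return False
    return len(findings["high_entropy"]) / findings["total"] > ratio

def build_sample_share() -> str:
    """Constructed test data: one healthy note, one healthy photo (random bytes
    standing in for JPEG data), one file renamed by 'ransomware', one encrypted in place."""
    root = tempfile.mkdtemp(prefix="share-")
    Path(root, "notes.txt").write_text("Invoice 1042 due 30 June\n" * 40, encoding="utf-8")
    Path(root, "photo.jpg").write_bytes(os.urandom(8192))
    Path(root, "ledger.xlsx.lockbit").write_bytes(os.urandom(8192))
    Path(root, "budget.csv").write_bytes(os.urandom(8192))
    return root

if __name__ == "__main__":
    findings = scan_tree(build_sample_share())
    print(findings, "ALERT" if should_alert(findings) else "clean")
```

Run on a schedule against the shares that matter (finance, accounting records, the file server), an alert here buys the hours between "encryption started" and "ransom note on every desktop" that the article describes. It is a last line of detection, not a substitute for the tested backups and MFA covered later.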

What It Actually Costs

The ransom itself is often the cheapest part. Here's what a typical ransomware incident costs a Melbourne SMB:

Total cost for a typical SMB incident: $120,000–$250,000. For context, that's roughly 10-20 years of proper cybersecurity investment for a small business.

The Five Things You Can Do This Week

None of these require a large budget. All of them dramatically reduce your risk.

1. Test Your Backups With an Actual Restore

"We have backups" is the most dangerous sentence in IT. Having backups and knowing they restore are two different things. Pick a random file - a QuickBooks company file, a SharePoint document library - and actually restore it. Time how long it takes. Check that it opens. Do this monthly.
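The restore test above, as an added example written for this article (not the article's own code or any backup product's). It assumes a file-level backup that lives in a directory alongside a manifest of SHA-256 hashes taken at backup time, which is a stand-in for whatever the business actually uses; the sample files are constructed. It does the three things the paragraph asks for: restore one file, time it, and check that it opens, and it also shows what the monthly test is for by corrupting a backup copy and watching the check fail.

```python
import hashlib
import json
import random
import shutil
import tempfile
import time
import zipfile
from pathlib import Path
from typing import Optional

MANIFEST = "manifest.json"

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(source: Path, backup: Path) -> dict:
    """Copy every file under `source` into `backup` and record each SHA-256 in a
    manifest. Stands in for the real backup job (assumption); the point is that a
    hash taken at backup time is what a later restore can be checked against."""
    backup.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in source.rglob("*"):
        if path.is_file():
            rel = path.relative_to(source).as_posix()
            dest = backup / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)
            manifest[rel] = sha256_file(path)
    (backup / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def load_manifest(backup: Path) -> dict:
    return json.loads((backup / MANIFEST).read_text())

def opens_cleanly(path: Path) -> bool:
    """Cheap 'does it actually open' check. .docx/.xlsx are ZIP containers, so a
    CRC pass over every member catches truncation and corruption; text must
    decode as UTF-8; anything else only has to be non-empty."""
    ext = path.suffix.lower()
    if ext in {".docx", ".xlsx", ".zip"}:
        try:
            with zipfile.ZipFile(path) as zf:
                return zf.testzip() is None
        except zipfile.BadZipFile:
            return False
    if ext in {".txt", ".csv"}:
        try:
            path.read_bytes().decode("utf-8")
            return True
        except UnicodeDecodeError:
            return False
    return path.stat().st_size > 0

def restore_test(backup: Path, restore_to: Path, rel: Optional[str] = None) -> dict:
    """Restore one file (random if `rel` is None), time it, and verify that the
    restored copy matches the manifest hash and opens."""
    manifest = load_manifest(backup)
    if rel is None:
        rel = random.choice(sorted(manifest))
    start = time.perf_counter()
    dest = restore_to / rel
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(backup / rel, dest)
    seconds = time.perf_counter() - start
    hash_ok = sha256_file(dest) == manifest[rel]
    opens = opens_cleanly(dest) if hash_ok else False
    return {"file": rel, "seconds": round(seconds, 4), "hash_ok": hash_ok,
            "opens": opens, "ok": hash_ok and opens}

def corrupt_backup_copy(backup: Path, rel: str) -> None:
    """Flip one byte in the backup copy: the silent damage a monthly restore test exists to catch."""
    p = backup / rel
    data = bytearray(p.read_bytes())
    data[len(data) // 2] ^= 0xFF
    p.write_bytes(bytes(data))

def build_demo():
    """Constructed sample data: a text note and a minimal ZIP posing as an .xlsx."""
    base = Path(tempfile.mkdtemp(prefix="restore-demo-"))
    source, backup, restore = base / "share", base / "backup", base / "restore"
    source.mkdir()
    (source / "notes.txt").write_text("Invoice 1042 paid 12 June\n" * 50, encoding="utf-8")
    with zipfile.ZipFile(source / "ledger.xlsx", "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sheet1.csv", "account,balance\nbank,12500\n" * 20)
    make_backup(source, backup)
    return source, backup, restore

if __name__ == "__main__":
    source, backup, restore = build_demo()
    print(restore_test(backup, restore, "ledger.xlsx"))
    corrupt_backup_copy(backup, "ledger.xlsx")
    print(restore_test(backup, restore, "ledger.xlsx"))  # hash_ok False: the backup "exists" but is useless
```

The number to write down each month is `seconds` scaled to the size of the whole share: if a 2 MB file takes a second to come back, a 200 GB server will not be back in an afternoon, and that figure belongs in the incident plan. A restore that fails the hash check should be treated as "we have no backup" until the cause is found.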

2. Enforce Multi-Factor Authentication Everywhere

Microsoft 365, your accounting software, your CRM, your remote access tools - every login that touches business data should require MFA. This single change blocks over 99% of account compromise attacks. If your staff push back, remind them that typing a six-digit code is less inconvenient than explaining to clients why you can't access their files.

3. Keep Software Updated

Attackers scan for known vulnerabilities in unpatched software. Windows, Office, your VPN, your firewall firmware - if there's an update available, apply it. Set automatic updates where possible. The Log4j vulnerability in 2021 was actively exploited within hours of disclosure. Businesses that patched quickly were fine. Businesses that didn't weren't.

4. Segment Your Network

Your reception desk computer shouldn't be able to reach your finance server. Your guest Wi-Fi shouldn't touch your internal network. Network segmentation contains a breach - if one device gets compromised, the attacker can't walk straight into everything else. This is a one-time configuration change with permanent benefits.

5. Get a Professional Security Assessment

You don't know what you don't know. A 30-minute health check from an external provider will identify gaps you've been living with for years - exposed remote desktop ports, admin accounts with no MFA, backup configurations that haven't been reviewed since they were set up.

Find out where your business stands - free, no obligation

Our 30-minute IT health check audits your backups, access controls, email security, and endpoint protection. You get a one-page report showing exactly what needs attention.


The Bottom Line

Ransomware isn't a sophisticated attack. It's an opportunistic one. The attackers aren't targeting you specifically - they're targeting everyone who left a door unlocked. The five steps above lock most of those doors. They cost very little, and they make you a meaningfully harder target than the business next door.

And in cybersecurity, you don't need to be the fastest runner. You just need to not be the slowest.
