Ransomware is no longer a corporate-only problem. We now see at least one home or small-business case at the Repair Point workshop every week. The good news: 95% of the infections we deal with were preventable with a 30-minute setup. This is exactly what we recommend.
How ransomware really gets in (in 2026)
- Phishing emails with malicious attachments or links — still #1 by a wide margin.
- Cracked or pirated software downloaded from torrent sites.
- Compromised browser extensions and Chrome 'profile sync' attacks.
- Outdated VPN appliances and routers with default passwords.
- Public Wi-Fi sessions where the device's firewall is off.
The 7-step prevention checklist
- Patch everything. Set Windows, macOS, your browser and your router to update automatically.
- Run only one real-time antivirus (Windows Defender or one paid suite). Two antivirus apps fight each other and create gaps.
- Enable controlled folder access (Windows) or FileVault + macOS Gatekeeper (Mac).
- Back up to the 3-2-1 rule (3 copies, 2 different media, 1 off-site). See our backup guide.
- Use a password manager. Reused passwords are how attackers move from one account to another.
- Turn on two-factor authentication on your email — that single account is the key to most other recoveries.
- Never download cracked software. The economic value to the cracker is paid with a hidden payload.
If it happens — the first 60 minutes
- Disconnect from Wi-Fi and Ethernet immediately — stop the spread.
- Do NOT pay the ransom. Industry data shows fewer than 30% of payments result in working decryption, and you mark yourself as a future target.
- Power the device off if you can, and unplug external drives before they get encrypted too.
- Photograph the ransom note. The note often identifies the strain — and some strains have free decryptors.
- Call a qualified technician. Free public decryptors exist for many strains (Stop/Djvu, Globe, TeslaCrypt, others) — we check first before recommending a wipe.
What about cyber-insurance?
If you run a small business, 2026 insurance policies will only pay out if you can show evidence of basic controls: a working backup, MFA on email, and EDR-grade endpoint protection. A 1-hour audit before you sign the policy will save you a five-figure claim denial later.
Don't panic, don't pay, do call
Most ransomware infections we handle are fully recovered from clean backups in under a day — without paying a cent. The earlier you call, the lower the cost: every additional reboot can damage shadow copies and pre-encryption sectors that aid recovery.
Worried you might be infected? Book a free remote diagnostic — we'll tell you within an hour whether it's a real ransomware case, a scareware popup, or something else entirely.
Related service
Virus & Malware Removal · $99 flat
Deep-scan and full removal of viruses, ransomware, spyware and adware.
Book this service