HomeTrainingMalware and ransomware
Module 5 · 8 min

Malware and ransomware

Attachments, downloads, macros, remote access, and data leakage.

The employee does not run unknown files and knows what to do when suspicious activity appears on screen.

Threat

The June 2026 Latvijas Valsts meži incident showed that ransomware also affects large Latvian companies.

What to know

  • Ransomware is not only data encryption. Data is often stolen first and then used for extortion.
  • An attachment may be an Office file, archive, PDF with a link, installer, or "security update".
  • Attackers also exploit vulnerabilities in public systems, not only email.
  • If a system behaves strangely, the important thing is not to hide it or quietly try to fix it alone.

Actions

  • Do not open unexpected attachments when the context and sender are unclear.
  • Do not install remote-access tools because a stranger tells you to.
  • If you ran a suspicious file, follow company procedure and report immediately.
  • Do not delete evidence: keep the email, screenshot, time, and sequence of actions.

Manager note

Ransomware training must end with a concrete reporting path, not just a vague "be careful".

Sources