Malware investigation

Under attack? Our expert investigators gather actionable evidence to help victims combat ransomware and other forms of malware effectively.

Malicious software or ‘malware’ encrypts electronic devices, their folders and files, leaving systems and their data impenetrable – often until the victim pays a ransom. These cyber-attacks can bring colossal costs and crucial data leaks that cripple entire enterprises.

With no time to waste, you must act urgently to tackle ransomware, viruses and other types of malware successfully. As a global leader in malware investigation, IFW uncovers critical evidence to determine the most effective course of action for prevention, containment and recovery. 

Please contact our skilled malware investigators as soon as you suspect that your system is infected. We assist individuals and organisations around the world to mitigate threats, stifle attacks and retrieve data with minimal downtime.

Types of malware to watch out for

Malware is a catch-all term for software designed to damage or exploit a digital device, network or operating system, usually for the cybercriminal’s financial gain. Our meticulous malware investigations can tackle any type, including the most common forms below.


This malware comes as an email attachment that contains a virus payload, which carries out the malicious action. When the victim opens the file, their device gets infected.


Ransomware installs itself onto a victim’s device and then encrypts its files, obstructing their access until they pay the culprit a specified sum of money.


Worms replicate from machine to machine with no need for user interaction. Rather, they exploit a weak link in the security of software or an operating system to spread on their own.


These programs instil fear through alarming messages online. This tactic pressures the victim into purchasing a fraudulent application as protection, which is the actual malware.


Installed on a victim’s device without their knowledge, spyware transmits personal details, communications and browsing behaviours to its operator, who can monitor activities remotely.


These programs bombard users with unwanted ads that blink or block a particular action. They tend to be installed in return for something, like unpaid access to an online service.


Trojans pose as safe applications, swindling unsuspecting users into downloading them. Once launched, they can then steal data, crash systems, spy on operations and more.

Fileless malware

This code works within a computer’s memory instead of the hard drive. As it doesn’t depend on files and leaves no malicious trace, it can be difficult to identify and tackle.

What can an IFW malware investigation achieve?

  • Discern the malware’s entry point and all suspicious activity in your system to help prevent its spread.
  • Devise a tailored and dynamic plan of action to obstruct threats, minimise damage and/or retrieve data. 
  • Expose the hackers behind the crime, determining their physical location and working with law enforcement to facilitate raids and arrests. 
  • Monitor cyber threats to thwart repeat or related attacks.
  • Check and protect at-risk data in real-time with in-house intelligent software.

Malware investigations with a proven track record

Rapid investigations

IFW leverages powerful threat intelligence, sophisticated technology and proven investigative techniques to expose the complexities and culprits behind malware attacks. Protect and regain access to targeted information with prompt and proactive solutions.

Global resources

IFW can investigate malware attacks in any jurisdiction, utilising a worldwide team of investigators, analysts and researchers, as well as exclusive relationships with state, federal and international partner agencies across the globe.

Invaluable connections

Our skilled malware investigators collaborate with a network of confidential informants, sources and expert witnesses in cybercrime and cyber forensics. If required, we can refer you to the appropriate law enforcement agency for further support.

Actionable reports

Once the malware investigation is complete and the attack suppressed, you may wish to take any identified offender(s) to Court. Our comprehensive reports present lawful evidence for use in civil and criminal prosecutions. 

Total confidentiality

Every malware investigation is conducted with complete discretion and a commitment to client confidentiality, regardless of scale or cost. To safeguard your privacy, IFW encrypts personal data and only shares case details with consent.

Frequently asked questions

  • To protect yourself against malware attacks, we strongly advise bolstering device security, exercising caution online and conducting frequent checks of your financial accounts. 

    More specifically, take the following precautions:

    • Ensure your operating system and applications are up to date, as cybercriminals tend to target weaknesses in outdated software.
    • Use a strong mobile security solution to protect handheld devices.
    • Check your mobile device settings and apps regularly. If settings have changed or an extra app has somehow appeared, it may be a signal of spyware.
    • Never click on an unfamiliar link or pop-up, whether it is presented on social media, text message or email. If it looks suspect, it may be malware. 
    • Only visit known and trusted websites, using a safe search plug-in to avoid coming across deceptive malware. 
    • Do not open an email attachment if you don’t know what it contains or who sent it.
    • Do not share personal or financial information over email, even if it appears to have been sent by your bank. Always log into online banking instead. 
    • Only download an app with legitimate reviews from an official app store.
    • Only purchase software and downloads from a reputable provider through their official website or in-store.
    • Review your bank accounts and credit reports on a regular basis for signs of potential fraud.


    If you believe that your device is under attack, please contact our malware investigation specialists as soon as possible.

  • Malware is an umbrella term used for any form of malicious software, irrespective of its purpose, function or consequences. In contrast, a virus is a particular kind of malware that can self-reproduce by inserting its code into other programs. As soon as an ‘infected’ file or application is opened, the virus is activated and may delete information, encrypt data and/or disable entire systems.

  • Malware spreads in a network when it is opened, downloaded or installed on different devices or systems. Once the malware has attached itself to various files and folders, it will overwrite the data within. One of the most common techniques hackers utilise to spread malware is phishing emails.

  • Ransomware is a common form of malware whereby the victim’s access to important files or systems is obstructed until they pay a specified sum of money to the criminal behind the cyberattack. A ransom may also be demanded to stop the hacker sharing stolen data with the public. Decryption keys will only be returned once the ransom has been paid, often with untraceable cryptocurrency.

    You can inadvertently infect your device with ransomware by clicking a link, opening an email attachment, downloading an application or file, or even simply visiting a website. As soon as the code has loaded onto the device, it may restrict access to the entire device, its folders or files. More sophisticated ransomware can also affect attached drives and networked devices.

  • A data breach is a security violation whereby private and protected information is accessed or disclosed without its owner’s permission or awareness. Therefore, a ransomware attack is considered a data breach if the information was extracted in this way before being encrypted.

  • Yes, ransomware can encrypt files that have already been encrypted at the device or file level, be they on a single computer or a sophisticated system.

  • If you have been targeted by ransomware and do not pay the hacker their requested amount by a specified deadline, then your files may be erased forever. Consequently, it’s important that you follow the steps below as soon as possible:

    1. Disconnect infected devices from the network.
    2. Immediately report the fraud to the Police or via your national fraud reporting portal (for example: Australia – www.cyber.gov.au, USA – www.ic3.gov, UK – www.actionfraud.police.uk, Canada – www.antifraudcentre.ca).
    3. Contact IFW Global on 1300 439 456 for an urgent consultation so that we can commence a ransomware investigation. Our expert team will advise on the most effective recovery plan and prevention techniques to avoid further data loss. 
    4. Refrain from attempting any DIY data decryption, which has the potential to hamper subsequent recovery efforts.

  • Data recovery may be possible depending on the complexity of the ransomware attack. Successful retrieval relies on the type of hardware affected, payload executed, and actions taken in response to the attack.

    At IFW, we perform each malware investigation with a proactive and adaptable approach, developing a tailored response strategy to help you maximise the likelihood of successful data recovery.

  • According to The State of Ransomware 2021 report, the average total cost of a ransomware attack has risen over 100% in a single year, reaching US$1.85 million in 2021. 

    Potential expenses include:

    • The ransom payment, which in 2021 averaged US$170,404;
    • Data recovery attempts;
    • Operational and technical measures to protect against follow-up attacks;
    • Production downtime and loss of revenue;
    • Forensic investigation; and
    • Staff and user training.

  • Yes, our intelligence reports can serve as evidence in Court in most developed countries. To determine whether IFW can provide admissible evidence for your case, please contact our investigators today.

Submit an enquiry

Understand the process and make an informed decision about engaging IFW Global services. Complete our enquiry form and get started with your investigation.
