How to keep your files safe from ransomware
Practical steps to ensure that you don't have to pay a ransom for your data, especially as there's no guarantee it will come back

Ransomware remains one of the biggest ongoing threats to the cyber security of both businesses and private individuals, thanks to the fact that it’s cheap and easy to deploy, and it can have devastating consequences for victims.
As the name implies, ransomware is a type of malware that attempts to extort money from its victims. It does this by encrypting all the personal data and documents that it finds on your PC, then demanding that you send money (typically in the form of untraceable bitcoins) in exchange for the decryption key. If you don't pay up, it may be impossible to recover your files.
What should I do if I'm hit by ransomware?
Your first step should be to go online and see whether a free decryption tool is available. Kaspersky Lab is one security publisher that maintains an archive of unlockers for a wide variety of ransomware strains - you can find it at noransom.kaspersky.com.
Unfortunately, it's not always possible to decrypt locked files. The most virulent ransomware attacks - such as the WannaCry worm that hit the NHS earlier back in 2017 - use a freshly generated AES key for every file they encrypt. In a situation like this, it really pays to have backups: if you can restore recent copies of your files from a cloud server or a network volume, you can simply overwrite the encrypted versions and carry on.
If your encrypted files are in a cloud folder like Dropbox or Google Drive, you may be able to go to the website and restore earlier, non-encrypted versions. Just be sure to disinfect your system first, to make sure that the ransomware doesn't simply step in and re-encrypt the restored copies.
What if you don't have recent backups?
If you can’t restore your files on your own, you may be tempted to simply pay the ransom. That may sound like a sensible idea - and on one level it is. It’s a quick and easy solution: ransomware distributors generally provide working decryption keys quite promptly after receiving your payment. After all, it's in their interest to do so, to encourage other victims to pay up.
As tempting as this may be, simply ponying up to get your files back is never advisable. For starters, this funds the criminals behind the attack and allows them to target more victims (as well as potentially funding more actively harmful activities such as drug dealing or human trafficking), perpetuating the cycle of attacks.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
There’s also no guarantee that you’ll get your files back at all. Some ransomware attacks, such as NotPetya, don’t even include a mechanism for decrypting files, and even those that do leave you at the mercy of hackers, who may simply decide not to honour their promise. They may also keep a copy of your data for use in later extortion attempts, as has been seen in the past.
Paying the ransom may sound like the safer and more expedient option, but it’s a false friend; wherever possible, it’s better to simply accept the loss of data, rather than feeding the perpetrators responsible.
How can I prevent a ransomware attack?
The good news is that, if you're reading this, you're probably the sort of person who takes security seriously, and has a reputable, regularly-updated security suite installed on their PC. If that's the case then you're already very well protected against ransomware. While its modus operandi may be distinctive, ransomware is just a type of malware, and any antivirus program worth its salt should be able to identify and block it before it has a chance to meddle with your files.
That said, no form of protection is perfect, and it's possible that a new strain of ransomware might manage to fly under the radar. To protect you against that eventuality, some security suites also include a folder-watching feature, which keeps an eye on the locations typically targeted by ransomware, such as your Documents folder. If any unrecognised process tries to touch these files, you'll be alerted and asked if you want to grant access. Say no and the ransomware is stymied.
Should all else fail, your final line of defence is a good, frequently refreshed set of backups. Just be warned that some ransomware is sneaky, and will target not only the files on your hard disk, but also the contents of external drives and NAS appliances. You might discover too late that your backups have been encrypted along with your day-to-day files. For maximum protection, it's best to use a cloud-based backup system that can't be accessed through Windows Explorer - not by you, and not by any meddling malware.
Nik Rawlinson is a journalist with over 20 years of experience writing for and editing some of the UK’s biggest technology magazines. He spent seven years as editor of MacUser magazine and has written for titles as diverse as Good Housekeeping, Men's Fitness, and PC Pro.
Over the years Nik has written numerous reviews and guides for ITPro, particularly on Linux distros, Windows, and other operating systems. His expertise also includes best practices for cloud apps, communications systems, and migrating between software and services.
-
The race is on for Higher Ed to adapt: Equity in hyflex learning
Hyflex courses can improve student wellbeing and engagement, but only with meeting technology that leaves no one behind
-
Gen Z workers are keen on AI in the workplace – but they’re still skeptical about the hype
News Younger workers could lead the shift to AI, but only think it can can manage some tasks
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.