How to beat ransomware

Ransomware survival guide

Although the threats in the previous section sound scary, there are simple steps you can take to avoid and defeat them. Read on to find out how

Lock your PC against ransomware

The best way to steer clear of ransomware is to use common sense; don't open email attachments from senders you don't recognise, even if they look very convincing, avoid clicking links on dubious-looking websites, and install security software that can prevent an infection from encrypting files on your PC.

You should also make sure that all your software, including installed plugins, is up to date, because hackers use these vulnerabilities to attack your PC. If you receive a document from an unknown source, don't open it, or at the very least, don't enable editing in Word as this will allow macros to run, which can be used to download the ransomware.

Most importantly of all, make sure you regularly back up all your personal files to the cloud and/or another drive not connected to your PC or on the network. The best advice is to follow the 3-2-1 rule have at least three copies of your personal files stored in two different formats, with one copy stored "off-site" (so, not on your PC or hard drive). Creating regular images of your drive that you can install in the event of an attack is also worth doing. Beware of using a backup that's too recent though, in case it contains a copy of the ransomware that attacked the system in the first place.

Install anti-ransomware software

There are several free programs from major software security firms that can protect your device from the most common type of ransomware. Bear in mind that they need to be run manually because they don't safeguard your system in real time.The following programs target different types of malware, so it's worth installing at least one:

If your PC has been infected

First and foremost, don't panic. Being hit by ransomware is a frightening experience, but you can survive it. Disconnect the locked PC from your network to prevent the ransomware from spreading. You should probably do the same with your other devices, in case they are already infected.

Next, find out what type of ransomware you've picked up. You might be able to discover this from the message on screen, or by searching for the exact message contents on Google. You can also upload a ransom note or encrypted file to ID Ransomware.

Once you know what's hit you, you can search the web for possible solutions. You'll find some answers from and MalwareTips.

Should I pay the ransom?

The short answer and the answer given by every security firm (even the FBI) is no. The theory is, if people don't pay, ransomware will become unprofitable and the attackers will move on to something else.

That said, even if only a very small proportion of infected users end up paying, it still makes it worthwhile for the cybercriminals to continue their endeavours.

If you've got your personal files backed up online, you don't need to pay. If, however, the ransomware has encrypted the only versions of your files that you have, you may feel that there's no alternative but to give in to the criminals' demands.

A word of warning

Although the files locked by ransomware can sometimes be decrypted, there is no guarantee that in future versions, the attackers won't fix the flaw that allows this.

Just as software gets patched, so does ransomware, because the cybercriminals are always looking for ways to make their malware harder to defeat. One example of this is CryptXXX, which was recently updated to prevent a decryption tool from working. This reiterates the need to remain vigilant about opening emails, clicking links on the web and keeping your security software up to date.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.