How to keep your files safe from ransomware

Practical steps to ensure that you don't have to pay a ransom for your data, especially as there's no guarantee it will come back

According to Europol, ransomware was 2017's biggest online threat, eclipsing all of the other forms of cybercrime.

As the name implies, ransomware is a type of malware that attempts to extort money from its victims. It does this by encrypting all the personal data and documents that it finds on your PC, then demanding that you send money (typically in the form of untraceable bitcoins) in exchange for the decryption key. If you don't pay up, it may be impossible to recover your files.

What should I do if I'm hit by ransomware?

Your first step should be to go online and see whether a free decryption tool is available. Kaspersky Lab is one security publisher that maintains an archive of unlockers for a wide variety of ransomware strains - you can find it at

Advertisement - Article continues below

Unfortunately, it's not always possible to decrypt locked files. The most virulent ransomware attacks - such as the WannaCry worm that hit the NHS earlier this year - uses a freshly generated AES key for every file it encrypts. In a situation like this, it really pays to have backups: if you can restore recent copies of your files from a cloud server or a network volume, you can simply overwrite the encrypted versions and carry on.

Advertisement - Article continues below

If your encrypted files are in a cloud folder like Dropbox or Google Drive, you may be able to go to the website and restore earlier, non-encrypted versions. Just be sure to disinfect your system first, to make sure that the ransomware doesn't simply step in and re-encrypt the restored copies.

What if you don't have recent backups?

In that case, your only option may be to pay the ransom. That may sound like a terrible idea - and on one level it is. But it is a quick and easy solution: ransomware distributors generally provide working decryption keys quite promptly after receiving your payment. After all, it's in their interest to do so, to encourage other victims to pay up.

The amount you'll have to pay will typically be of the order of a few hundred US dollars: the WannaCry worm demanded a payment of around $300, which went up to $600 if not paid within three days. It's daylight robbery, of course, but it's cleverly set at a level that most people can afford - again, it's not in the operator's interest to set a ransom so high that nobody will pay it. For a business, it may well be cheaper to pay the ransom straight away than to deal with the lost productivity involved in restoring from backups.

Advertisement - Article continues below

In fact, the biggest inconvenience might be sorting out a payment method. Many ransomware worms ask for payment in untraceable bitcoins. Very few of us have digital cryptocurrencies just sitting around - indeed, most of us don't even know how to obtain and transfer bitcoins.

If you're concerned about the impact of a ransomware attack on your firm, it might be worth researching a payment plan ahead of time.

How can I prevent a ransomware attack?

The good news is that, if you're reading this, you're probably the sort of person who takes security seriously, and has a reputable, regularly-updated security suite installed on their PC. If that's so then you're already very well protected against ransomware. While its modus operandi may be distinctive, ransomware is just a type of malware, and any antivirus program worth its salt should be able to identify and block it before it has a chance to meddle with your files.

That said, no form of protection is perfect, and it's possible that a new strain of ransomware might manage to fly under the radar. To protect you against that eventuality, some security suites also include a folder-watching feature, which keeps an eye on the locations typically targeted by ransomware, such as your Documents folder. If any unrecognised process tries to touch these files, you'll be alerted and asked if you want to grant access. Say no and the ransomware is stymied.

Advertisement - Article continues below

Should all else fail, your final line of defence is a good, frequently refreshed set of backups. Just be warned that some ransomware is sneaky, and will target not only the files on your hard disk, but also the contents of external drives and NAS appliances. You might discover too late that your backups have been encrypted along with your day-to-day files. For maximum protection, it's best to use a cloud-based backup system that can't be accessed through Windows Explorer - not by you, and not by any meddling malware.

Image: Shutterstock

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



How can you protect your business from crypto-ransomware?

4 Nov 2019

10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular


Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020