In other words, how do you avoid ransomware?
Let’s look at ransomware — software used to hold your data hostage until you pay up — and how best to protect yourself.
Spoiler alert: you already know the answer.
- Ransomware encrypts your computer’s data and holds it hostage.
- Avoid ransomware using the same techniques used to prevent any malware.
- Backups can save you should you ever get ransomware.
- Ransomware-specific protections exist and may help, but may add to a false sense of security.
- Never pay the ransom.
What is ransomware?
Though it continues to get lots of press, ransomware is nothing new.
Ransomware is malware that encrypts files on your machine and then presents a message offering the ability to decrypt and recover your files if you pay a ransom. Most current variants use good encryption, so once you’ve fallen victim, the outlook can be pretty bleak.
Note the word I used: malware.
Please understand this: ransomware is just malware; there’s nothing special about ransomware and how it gets on your machine. It uses techniques like any other malware. Currently, it is most often distributed in email attachments or as downloads of some form.
Ransomware is very destructive malware, but it’s just malware.
That should give you a huge clue on how to avoid it.
How to avoid ransomware
You avoid ransomware the same way you avoid all malware.
- Run up-to-date anti-malware tools. I recommend Windows Defender, but there are many, many others. Make sure they are running and up to date.
- Keep your system and software up to date. Yes, this means letting Windows, as well as any applications that have self-updating capabilities, automatically update.
- Use common sense. Don’t download random things from the internet, and don’t open attachments you aren’t completely certain are valid.
In short, do all the things you should already be doing to keep yourself safe on the internet.
Perhaps even more important: back up
If you get ransomware on Tuesday, restoring to a backup taken on Monday makes it almost a non-event. Aside from any work performed since the Monday backup, you’d have your machine back and running again in no time, without paying any ransom.
There is almost nothing a good backup can’t save you from. This is another case where even something as scary as ransomware doesn’t need to get in your way.
CryptoPrevent is a popular tool used to avoid ransomware. Unfortunately, it doesn’t really avoid it.
Once installed, it prevents specific actions many variants of ransomware are known to use. In rare cases, these same types of actions might be required by legitimate applications, but as I said, it’s rare.
Similarly, Windows 10 has added explicit Ransomware protection to Windows Defender in the form of “Controlled folder access”.
Similar to CryptoPrevent, some applications may have problems if this feature is enabled.
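One way to find out which applications would be affected before switching the feature on is to run it in audit mode first. This is an added example, not from the original article. It assumes an elevated PowerShell session with Microsoft Defender as the active antivirus, and the event field names and the application path in the comments are assumptions or placeholders:

```powershell
# Added example (not from the original article).
# Run in an elevated PowerShell session on Windows 10 or later.

# 1. Confirm Defender is running and its signatures are current.
$status = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureAgeInDays = $status.AntivirusSignatureAge
}

# 2. Turn on Controlled folder access in audit mode: nothing is blocked,
#    but every write that would have been blocked is logged.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 3. After using the machine normally for a few days, list the programs
#    that touched protected folders. Event 1124 = audited, 1123 = blocked.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Assumption: the event data carries 'Process Name' and 'Path' fields.
    # If the columns come back empty, inspect $_.ToXml() for the real names.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Mode    = if ($_.Id -eq 1124) { 'Audited' } else { 'Blocked' }
        Process = $data['Process Name']
        Target  = $data['Path']
    }
} | Sort-Object Process, Target -Unique | Format-Table -AutoSize

# 4. Once the list contains only programs you recognise and trust, allow
#    them and switch to enforcement. The path below is a placeholder.
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\TrustedApp.exe'
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running `Set-MpPreference -EnableControlledFolderAccess Disabled` turns the feature back off.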
If installing CryptoPrevent or enabling Controlled Folder Access helps you feel safer, and doesn’t interfere with something else you need, by all means, feel free to enable them. They’ll protect you from a lot, including even some non-ransomware forms of malware. For the record: I use neither. [2]
My concern with both these approaches is that they focus exclusively on preventing the malware’s malicious behavior, but only after the malware has infected your machine. In other words, if they actually helped, it’s because malware was somehow already allowed on your machine.
I’ll say it again: malware was allowed on your machine.
That’s the problem to focus on. That’s what I believe is most important to prioritize, and I don’t want any tool or technique to give you a false sense of security that leads to letting your guard down.
Should I pay the ransom?
No. Never pay the ransom.
Paying just encourages scammers to keep doing this. Sadly, enough people do pay that it’s apparently turning into quite a lucrative endeavor. Don’t be one of those people.
Footnotes & References
1: Several people have expressed concern that a backup drive, if connected, may also be encrypted and held ransom. While technically possible, I believe it remains rare — I’ve not heard of any instances as of this writing. To me, it’s much more important that a drive remain connected so regular backups happen automatically. More here: Will Malware Infect the Backups on My Connected Backup Drives as Well?
2: I did try Controlled folder access some time ago, and discovered that it interfered with some of the tools I use.