How to Avoid Ransomware — the 3 Things You’re Hopefully Already Doing

The Best of Ask Leo!

How can I prevent criminals encrypting files on my hard drive and then demanding a ransom to unlock the data? Is having a router and software firewall enough?

In other words, how do you avoid ransomware?

Let’s look at ransomware — software used to hold your data hostage until you pay up — and how best to protect yourself.

Spoiler alert: you already know the answer.

  • Ransomware encrypts your computer’s data and holds it hostage.
  • To avoid ransomware, use the same techniques that prevent any malware: run anti-malware tools, stay up to date, and use common sense.
  • Backups can save you should you ever get ransomware.
  • Ransomware-specific protections exist and may help, but may add to a false sense of security.
  • Never pay the ransom.

What is ransomware?

Though it continues to get lots of press, ransomware is nothing new.

Ransomware is malware that encrypts files on your machine and then presents a message offering to decrypt and recover your files if you pay a ransom. Recent versions attacking businesses also threaten to release copies of sensitive data captured at the same time.

Most current variants use good encryption, so once you’ve fallen victim, the outlook can be pretty bleak.

Note the word I used: malware.

Please understand this: ransomware is just malware. There’s nothing special about ransomware and how it gets on your machine. It uses the same techniques as any other malware. Currently, it is most often distributed in email attachments or as downloads of some form.

Ransomware is very destructive malware, but it’s just malware.

That should give you a huge clue on how to avoid it.

How to avoid ransomware

You avoid ransomware the same way you avoid all malware.

In short, do all the things you should already be doing to keep yourself safe on the internet.

More importantly, back up

If your machine does contract ransomware, having a recent backup[1] can save you almost immediately.

If you get ransomware on Tuesday, restoring to a backup taken on Monday makes it almost a non-event. Aside from any work performed since the Monday backup, you’d have your machine running again in no time, without paying any ransom.

There is almost nothing a good backup can’t save you from. This is another case where even something as scary as ransomware doesn’t need to get in your way.

Ransomware-specific protection

CryptoPrevent is a popular tool used to avoid ransomware. Unfortunately, it doesn’t prevent it.

Once installed, it prevents specific actions many variants of ransomware are known to use. (Legitimate applications might require these same types of actions, but it’s rare.)

Similarly, Windows 10 has added explicit Ransomware protection to Windows Defender in the form of “Controlled folder access”.

Ransomware protection in Windows Defender in Windows 10.

Similar to CryptoPrevent, some applications may have problems if this feature is enabled.

If installing CryptoPrevent or enabling Controlled folder access helps you feel safer and doesn’t interfere with something else you need, by all means, feel free to enable them. They’ll protect you from a lot, including some non-ransomware forms of malware. For the record, I use neither.[2]

My concern with both these approaches is that they focus exclusively on preventing the malware’s malicious behavior, but only after the malware has already infected your machine. In other words, if they helped, it’s because malware made it to your machine.

That’s the problem to focus on. That’s what I believe is most important to prioritize — preventing malware in the first place — and I don’t want any tool or technique to give you a false sense of security leading to letting your guard down.

Should I pay the ransom?

No. Never pay the ransom.

Paying just encourages scammers to keep doing this. Sadly, enough people do pay that it’s apparently turning into quite a lucrative endeavor. Don’t be one of those people.

Stay safe, back up, and never negotiate with hostage takers — even when it’s your data they take.

Footnotes & References

1: Several people have expressed concern that a backup drive, if connected, may also be encrypted and held ransom. It can happen, but to me, it’s much more important a drive remain connected so regular backups happen automatically. More here: Will Malware Infect the Backups on My Connected Backup Drives as Well?

2: I did try Controlled folder access some time ago, and discovered that it interfered with some of the tools I use.
