How to Protect Your Files From Ransomware
It’s a growing threat for individual users and businesses alike—but there are ways to protect yourself.
Move over viruses, step aside worms: Ransomware has the spotlight and isn’t about to give it up. From taking down entire fuel pipelines to hijacking hospital networks, it’s the cyberattack du jour. Not only do you have the potentially disastrous consequences of being locked out of your most important files and systems, you also have to decide if you’re willing to pay cold, hard cash to get access to them again, if you even get access after paying.
That’s where the name comes from—ransomware attacks literally hold your data for ransom. There are a few variations on the theme, but it’s usually very recognizable. Malware is used to encrypt your files (in some cases even double-encrypt them) so they require a specific key to be unlocked. The damage can quickly spread across computers and networks. In some cases you might be locked out of your system completely, along with any other systems on the same network.
Ransomware isn’t particularly difficult to develop or deploy, and it’s profitable. While it started out as a problem for home users, it has now spread to become a problem for businesses, and several high-profile attacks have recently targeted government agencies and infrastructure companies. The threat is very real no matter who you are—so how do you protect against it?
Keeping ransomware off your computer isn’t actually much different from keeping any other kind of malware at bay, and very similar rules apply. A ransomware attack can’t happen without some access to your system, which is usually achieved through a rogue application—be cautious about downloading or opening any files from the web or your email if you’re not certain of their source.
Hackers now use a variety of social engineering techniques—such as spoofing an email that looks like it’s an urgent missive from your boss—to try and get you to install something you shouldn’t or to download files you think are attachments but aren’t. Think and think again before opening and running anything on your computer, especially if it arrives without warning.
Ransomware doesn’t always have to trick you into installing something: It can sometimes spread on its own by exploiting security holes in legitimate software that hasn’t been properly updated or patched. This is one of the reasons you should generally install as few software programs on your computer as possible, and stick to developers that can be trusted to keep their applications secure and provide necessary security updates in a timely manner.
Besides being careful in terms of what you do on your computer and the programs you grant access, the standard three rules of system security apply: Update, protect, and back up. Malware, including ransomware, often exploits older or unpatched software, which is why it’s vital that everything running on your computer (and yes, that applies to both Windows and macOS users) is up to date with at least the latest security updates.
Those nagging operating system updates are annoying for a reason—it’s really important that you get them installed. The good news is that software updates are so vital to security that they’re mostly handled automatically and in the background by most programs. Google Chrome, for example, downloads updates on its own, and you’ll see a color-coded icon in the toolbar when an upgrade is required. (It gets closer to red as the upgrade gets more urgent.)
In terms of protection, you also need some quality security software installed on your computer, but that should be done anyway—ransomware or no ransomware. It’s a matter of debate whether the tools built into Windows and macOS are good enough on their own, but they certainly go a long way to keeping malware threats, including ransomware, at bay.
It’s also fair to say that adding third-party software on top keeps you even better protected: Leading packages from the likes of McAfee, Norton, Bitdefender, Avira, and others will keep a very close eye on everything that’s happening on your system, so it’s up to you whether you think the extra protection is worth the extra cost (and the extra software configurations you’ll have to go through).
While ransomware is typically targeted at systems and the files on them, with the right username and password bad actors can also get at your files in the cloud, encrypt those, and hold them for ransom. Make sure you use strong passwords that are different for all of your accounts (ideally through a password manager) and that you’ve turned on two-factor authentication everywhere—that means that something else (such as a code sent to or generated by your phone) is required to log in to your accounts in addition to a username and password.
The third part of keeping yourself protected against ransomware is to make sure you back up your computer and other devices regularly. An external hard drive, a cloud syncing service—they’ll all do as long as there are copies of your files out of reach of the ransomware attack.
And that last caveat is an important one. If your backup is within easy reach of the malware program that’s locking your files, then you’ll be faced with encrypted backups as well as encrypted files. Make sure at least one of your backups is only occasionally connected to your main system, or that whatever backup solution you choose has revision history, so you can go back to before the attack took place.
When it comes to cloud backup solutions, many now offer file versioning features (Dropbox Rewind, for example)—they roll back your files to a previous point in time, which can be really useful in the event of a ransomware attack, because it means you’re able to revert to the state your data was in before it got encrypted. Check with the service you’re using for details.
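The revision-history idea from the last two paragraphs, as an added sketch that is not part of the original article or any backup product: every snapshot keeps older file versions, so a backup that runs after files are damaged cannot replace the good copies. The function names, the repository layout and the sample files are assumptions made up for this illustration.

```python
import hashlib, json, os, shutil, tempfile
from pathlib import Path

def snapshot(source: Path, repo: Path, taken_at: float) -> None:
    """Record a new version of every file; blobs of older versions are never overwritten."""
    (repo / "blobs").mkdir(parents=True, exist_ok=True)
    files = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        digest = hashlib.sha256(f.read_bytes()).hexdigest()
        blob = repo / "blobs" / digest
        if not blob.exists():  # content-addressed, so changed files get a new blob
            shutil.copyfile(f, blob)
        files[f.relative_to(source).as_posix()] = digest
    manifest = {"taken_at": taken_at, "files": files}
    (repo / f"manifest-{int(taken_at)}.json").write_text(json.dumps(manifest))

def load(repo: Path) -> list:
    """All snapshot manifests, oldest first."""
    found = [json.loads(m.read_text()) for m in repo.glob("manifest-*.json")]
    return sorted(found, key=lambda m: m["taken_at"])

def changed_fraction(old: dict, new: dict) -> float:
    """Share of previously backed-up files whose content differs in the newer snapshot."""
    changed = sum(1 for rel, d in old["files"].items() if new["files"].get(rel) != d)
    return changed / max(len(old["files"]), 1)

def restore_before(repo: Path, cutoff: float, dest: Path) -> float:
    """Rebuild dest from the newest snapshot taken before cutoff; return its timestamp."""
    older = [m for m in load(repo) if m["taken_at"] < cutoff]
    if not older:
        raise LookupError("no snapshot predates the cutoff")
    for rel, digest in older[-1]["files"].items():
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(repo / "blobs" / digest, dest / rel)
    return older[-1]["taken_at"]

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        docs, repo, out = Path(tmp, "docs"), Path(tmp, "repo"), Path(tmp, "restored")
        docs.mkdir()
        (docs / "notes.txt").write_text("quarterly plan")      # constructed sample files
        (docs / "budget.csv").write_text("item,cost\nlaptop,900\n")
        snapshot(docs, repo, 1000.0)
        for f in list(docs.iterdir()):                         # simulated damage only
            f.write_bytes(os.urandom(32))
        snapshot(docs, repo, 2000.0)                           # backup ran after the damage
        first, second = load(repo)
        when = restore_before(repo, 2000.0, out)
        return {"changed": changed_fraction(first, second), "restored_from": when,
                "notes": (out / "notes.txt").read_text()}
```

A sudden jump in `changed_fraction` between two snapshots is also a useful warning sign that something rewrote most of your files at once.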
As with any security threat, it’s impossible to 100-percent guard yourself against ransomware, but the steps outlined here should help minimize the risk. If the worst should happen, remember that ransomware is a crime, and you can report it via the resources mentioned on the Cybersecurity & Infrastructure Security Agency website.