Is your computer protected against ransomware attacks? Ransomware is a type of malware (malicious software) which criminals use to extort money. It holds data to ransom using encryption or by locking users out of their device.

This article teaches you all there is to know about ransomware prevention. We explore the different ways to protect your computer and your data from ransomware attacks.

In this article, we will look at:

  • How to prevent ransomware
  • What to do if you experience a ransomware attack
  • Ransomware removal
  • Notorious 2018 ransomware attacks
  • How to protect your computer from ransomware

Ransomware prevention

In this section, we give you tips on how to prevent ransomware attacks, from never clicking on unverified links, to avoiding using unfamiliar USBs. Read on to learn more about ransomware prevention.

Never click on unverified links

Avoid clicking links in spam emails or on unfamiliar websites. Downloads that start when you click on malicious links is one way that your computer could get infected.

Once the ransomware is on your computer, it will encrypt your data or lock your operating system. Once the ransomware has something to hold as ‘hostage,’ it will demand a ransom so that you can recover your data. Paying these ransoms may seem like the simplest solution. However, this is exactly what the perpetrator wants you to do and paying these ransoms does not guarantee they will give you access to your device or your data back.  

Do not open untrusted email attachments

Another way that ransomware could get onto your computer is through an email attachment.

Do not open email attachments from senders you do not trust. Look at who the email is from and confirm that the email address is correct. Be sure to assess whether an attachment looks genuine before opening it. If you’re not sure, contact the person you think has sent it and double check.

Never open attachments that ask you to enable macros to view them. If the attachment is infected, opening it will run the malicious macro, giving the malware control over your computer.

Only download from sites you trust

To reduce the risk of downloading ransomware, do not download software or media files from unknown websites.

Go to verified, trusted sites if you want to download something. Most reputable websites will have markers of trust that you can recognize. Just look in the search bar to see if the site uses ‘https’ instead of ‘http.’ A shield or lock symbol may also show in the address bar to verify that the site is secure.

If you’re downloading something on your phone, make sure you download from reputable sources. For example, Android phones should use the Google Play Store to download apps and iPhone users should use the App Store.

Avoid giving out personal data

If you receive a call, text, or email from an untrusted source that asks for personal information, do not give it out.

Cybercriminals planning a ransomware attack may try to gain personal data in advance of an attack. They can use this information in phishing emails to target you specifically.

The aim is to lure you into opening an infected attachment or link. Do not let the perpetrators get hold of data that makes their trap more convincing.

If you get contacted by a company asking for information, ignore the request, and contact the company independently to verify it is genuine.

Woman on phone avoiding giving personal data to prevent ransomware

Use mail server content scanning and filtering

Using content scanning and filtering on your mail servers is a smart way to prevent ransomware.

This software reduces the likelihood of a spam email containing malware-infected attachments or links from reaching your inbox.

Never use unfamiliar USBs

Never insert USBs or other removal storage devices into your computer if you do not know where they came from.

Cybercriminals may have infected the device with ransomware and left it in a public space to lure you into using it.

Keep your software and operating system updated

Keeping your software and operating system updated will help protect you from malware. Because when you run an update, you are ensuring that you benefit from the latest security patches, making it harder for cybercriminals to exploit vulnerabilities in your software.

Use a VPN when using public Wi-Fi

Being cautious with public Wi-Fi is a sensible ransomware protection measure.

When you use public Wi-Fi, your computer system is more vulnerable to attack. To stay protected, avoid using public Wi-Fi for confidential transactions, or use a secure VPN.

Use security software

As cybercrime becomes more widespread, ransomware protection has never been more crucial. Protect your computer from ransomware with a comprehensive internet security solution like Kaspersky Internet Security.

When you download or stream, our software blocks infected files, preventing ransomware from infecting your computer and keeping cybercriminals at bay.

Keep security software updated

To benefit from the highest level of protection that internet security software has to offer, ensure you keep it updated. Each update will include the latest security patches and maximize ransomware prevention.

Backup your data

Should you experience a ransomware attack, your data will remain safe if it is backed up. Make sure to keep everything copied on an external hard drive but be sure not to leave it connected to your computer when not in use. If the hard drive is plugged in when you become a victim of a ransomware attack, this data will also be encrypted.

Additionally, cloud storage solutions allow you to revert to previous versions of your files.  Therefore, if they become encrypted by ransomware, you should be able to return to an unencrypted version via cloud storage.

Hard drive to back up data on as ransomware protection measure

How to respond to ransomware attacks

Now you know how to prevent ransomware, but what if you have already become the victim of a ransomware attack?

In the event of a ransomware attack, it is important to know what to do. Here are some simple steps to follow to minimize damage.

Isolate your computer

If you experience a ransomware attack, the first thing to do is to disconnect from any networks and the internet.

Disconnecting in this way, isolates your computer and minimizes the chance of the ransomware infection spreading to other computers.

Never pay the ransom

Do not pay any ransom demanded by the cybercriminals carrying out the ransomware attack.

Like a real-life hostage situation, it is best not to negotiate with cybercriminals. Paying the ransom will not guarantee the return of your data — after all these individuals have already manipulated your trust.

Caving in and paying also encourages this sort of crime. The more people that pay the ransoms, the more popular ransomware attacks become.

Money that should never be paid to cybercriminals carrying out ransomware attacks

Start ransomware removal

To rid your computer of ransomware, follow our simple steps to ransomware removal in the section below.

Ransomware removal guide

Follow the ransomware removal steps below to recover from a ransomware attack.

Step 1: Disconnect from the internet

First up, disconnect from the internet to stop the ransomware spreading to other devices.

Step 2: Run a scan using internet security software

Use the internet security software you have installed to run a scan. This will help to identify any threats. If it detects any risky files, they can be removed or quarantined.

Step 3: Use ransomware decryption tool

If your computer gets infected with encryption ransomware, you will need to use a ransomware decryptor to decrypt your files and data so that you can access them again.

At Kaspersky, we continually research the latest forms of ransomware so that we can create ransomware decryptors to counter each new threat.

Step 4: Restore files from backup

If you have backed up your data externally or on cloud storage, restore a clean backup of all your files on your computer. This allows you to revert to a version of the software that is malware free.

If you don’t have a backup, then clearing your computer and recovering your files is going to be a lot harder. To prevent this from happening, we recommend regularly backing up your data. If you’re prone to forgetting, then take advantage of automatic cloud backup services or set up calendar reminders for yourself.

People happily using laptop after successful ransomware removal

History of ransomware attacks

This article has given ransomware prevention tips, discussed how to deal with a ransomware attack, and explained an easy ransomware removal process.

Now, let’s explore three recent examples of ransomware. Understanding how ransomware spread previously, will help us to appreciate why ransomware protection is so important.

Wolverine Breach

A ransomware attack hit the Wolverine Solutions Group (a supplier to the healthcare sector) in September 2018. Malware encrypted many of the company’s files, leaving workers unable to access them.

Fortunately, forensics experts were able to work to decrypt and restore them on October 3. Less fortunate, however, was the fact lots of patient data was compromised as a result of the attack.

Names, addresses, medical data, and other personal information may have fallen into the hands of the cybercriminals who carried out the attack.

Hospital staff like the ones targeted in Wolverine Breach ransomware attack

Ryuk

Ryuk is a ransomware attack that started in August 2018. It differed from other attacks in the way it was able to encrypt network drives.

As a result, hackers were able to lock down the Windows System Restore option, leaving users unable to recover from the attack if they did not have data backed up externally.

GandCrab

GandCrab is a destructive ransomware attack that hit in January 2018. It had many versions and became infamous as the infection quickly spread.

The police worked closely with internet security providers to produce a ransomware decryptor to counter the effects of this attack.

Want to prevent your data being held to ransom? Protect your computer from ransomware with Kaspersky Internet Security.