If you want to protect additional folders from ransomware, such as a folder on your Desktop (which is not protected by default), you can select “Protected Folders” and click “Add Protected Folder.”
Protection Against Ransomware – Best Practices in 2021
Protection against ransomware is essential, as cryptography-based computer viruses can damage your personal files for good. This type of malware is created, improved and distributed around the world every day and generates huge profits for cyber criminals. Unfortunately, this is a very effective cyberweapon used by criminals to extort money, and many victims still choose to pay, only to be scammed again by hackers. Some of the most common ransomware threats today are STOP / DJVU, DHARMA, PHOBOS, IGAL, QLKM.
Ransomware is a malicious computer virus that damages files on an infected system and makes ransom demands. Typically, viruses such as WannaCry or STOP (DJVU) ransomware use AES or RSA encryption to encrypt data securely, and there is no way to undo this procedure without the secret keys, which the virus sends to its command and control server.
When encrypting your data, the malware adds certain file extensions to the file names so you can see that the files have been modified in some way. Then the ransomware drops a ransom note which contains ransom payment information. Malware writers expect victims to make a payment, usually in cryptocurrency, to a given crypto wallet address within a specified time period.
Therefore, it is imperative to take all possible measures to protect your computer from ransomware attack.
Ways to prevent ransomware attacks
There is no golden rule when it comes to avoiding ransomware. In fact, you need to follow a certain set of rules to keep your files safe and your computer system clean.
Keeping up with the latest distribution tricks used by malware writers can be difficult, so we’ve compiled a list of dos and don’ts. Follow this guide on how to prevent ransomware attacks in 2019.
1. Backup your data
Backup is the best way to protect your data. Security professionals never get bored of repeating this advice; however, users tend to delay this task until it is too late. No matter how good your security software is, it can also fail.
Therefore, having a backup of your data is simply a must. You don’t have to back up everything – the most important files are enough. Usually we stick to good old portable storage devices – USB, CD or hard drive. Some ransomware viruses tend to damage files stored in online data clouds, so this may not be the most reliable option.
2. Install software and OS updates
Having an up-to-date system and software means having the best versions possible. Maintaining and using outdated software increases the chances of your computer being hacked or infected. To prevent ransomware attacks, install updates regularly. People using Windows 7 and later versions of this operating system can turn on automatic updates, so make sure you use this feature as well.
Software developers release updates that fix bugs and security vulnerabilities in the software. Installing them means patching software weaknesses and blocking hackers from exploiting them. We won’t go into detail about how hackers do it, but trust us – they are quick to exploit outdated systems, as this gives them the chance to attack multiple systems at once.
3. Be careful online
Being careful on the Internet is a key factor in helping prevent ransomware attacks. However, the best way to stay safe is to develop a feel for what’s right and wrong on the Internet. It’s hard to explain, but we suggest that you follow the tips below to recognize unsafe content on the Internet:
- Don’t open emails from senders you didn’t expect to hear from. It doesn’t matter if it’s someone who claims to work for Amazon or some other trustworthy company, don’t open links and attachments inserted in the message. Most likely, they will deliver a malicious payload that will destroy your data for good. Criminals are actively using the names of courier companies (such as DPD, DHL, UPS) to trick victims into opening malicious content during the COVID-19 pandemic.
- Avoid eye-catching but suspicious links and ads. If something looks too good to be true – believe us, it most likely is. Clicking on suspicious content could trigger a series of redirects, leading to infected websites or sites promoting tech support scams. Be especially careful with strange-looking links sent by strangers or contacts on social media platforms. We suggest reading more about Facebook viruses to get an idea of how attackers behave.
- Do not rush. Some people hate pop-ups, especially if they don’t understand what their purpose is. Therefore, they start clicking on anything to get rid of them. If you notice pop-ups on your screen, don’t panic and close the ad or page carefully. Read what the pop-up says and make sure it is safe to close. You can also use Windows Task Manager to get rid of suspicious pop-ups and websites that prevent you from closing them.
- Use strong passwords. Make sure to use a difficult combination of upper- and lower-case letters, numbers and symbols, as this makes brute-force attacks harder for hackers. In other words, such passwords are much more difficult to guess automatically with special software.
- Stay away from torrents that promote software cracks or key generators. Such illegal downloads are known to be the main distribution vector of some of the most common ransomware variants today, such as STOP / DJVU. Tools like these, or KMSPico, are used to activate a premium software license for free; unfortunately, they can encrypt all your files instead, as they turn out to be disguised ransomware. Obtain legal software license keys only from the websites of their official vendors.
Ransomware gangs have become pro. DarkSide, the group responsible for the series of ransomware attacks, including Colonial Pipeline, is now operating on a business model that mirrors legitimate companies.
How can I help keep my PC secure?
Make sure your computer is updated to the latest version of Windows and all the latest patches. Learn more about Windows Update.
Make sure Windows Security is turned on to protect you from viruses and malware (or Windows Defender Security Center in previous versions of Windows 10).
In Windows 10 or 11, enable Controlled Folder Access to protect important local folders from unauthorized programs such as ransomware or other malware.
Get ransomware detection and recovery with advanced Microsoft 365 protection.
Back up your files using File History, if not already enabled by your computer manufacturer. Learn more about File History.
Store important files on Microsoft OneDrive. OneDrive includes built-in ransomware detection and recovery as well as file versioning so you can restore a previous version of a file. And when you edit Microsoft Office files stored in OneDrive, your work is automatically saved on the fly.
Use a secure, modern browser like Microsoft Edge.
Restart the computer periodically, at least once a week. This will help keep your applications and operating system up-to-date, and improve system performance.
Note: If you are a small business owner, consider using Microsoft 365 Business Premium. It includes Microsoft Defender Advanced Threat Protection to help protect your business from online threats.
If you suspect you’ve been infected
Use anti-malware software, such as Windows Security, when you are concerned that your computer may be infected. For example, if you hear about new malware in the news or notice strange behavior on your computer. See Virus and threat protection in Windows Security for information on how to scan your device.
Unfortunately, a ransomware infection usually doesn’t show up until you see some type of notification, in a window, app, or full-screen message requesting money to regain access to your computer or files. Often these messages appear after files have been encrypted.
Try to completely clean your computer using Windows Security. You should do this before trying to recover your files. Also see Windows Backup and Restore for help with backing up and recovering files for your version of Windows.
Don’t pay to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your computer or files.
Applications are listed according to their reputation and prevalence. Applications that are common throughout the organization and that have never exhibited any behavior considered malicious are considered trustworthy. These applications are automatically added to the list.
Other tactics to fend off ransomware
Use a secure cloud-based file hosting service with automatic backup to back up your files regularly.
Another strategy is the so-called “air gap”, in which the external storage device is completely disconnected (i.e., offline) from the computer and the Internet. Back up your files, then disconnect the mass storage device.
Another piece of advice from cybersecurity experts is to keep your work and personal devices separate. While attackers typically target corporations, schools, and hospitals, home-based consumers can become targets of attackers as well.
Additional ways to protect yourself
While Windows ransomware protection is a powerful built-in tool, it’s probably not a good idea to rely on it as your only defense – as with all anti-malware systems, it should be considered a safety net, not your first line of defense. Here are a few things you can do to avoid ransomware infections in the first place and to make sure your data is safe even if the worst should happen.
Be careful online
As with any malware, ransomware can spread in various ways, such as attaching to phishing emails, exploiting vulnerabilities in outdated software, or disguising itself as a genuine useful program. It’s important to be vigilant when you’re online – if someone tries to trick you into downloading a program from an untrusted source that seems too good to be true, proceed with extreme caution.
It is also important to check the extensions of the files you are sent. If someone claims that an attachment is a document but it has an .exe or .msi extension, the file is probably dangerous. If you can’t see the file extension, you can right-click the file, then click “Properties”. Windows will tell you what kind of file it is next to “File Type”.
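The same check can be scripted. The following PowerShell sketch is an added example, not taken from Microsoft's guide or the original article: it reports whether Explorer is hiding known extensions and classifies file names by their real (last) extension. The document extension list and the sample file names are constructed assumptions; the article itself names only .exe and .msi.

```powershell
# Added example. The article names only .exe and .msi as program extensions;
# the document extension list below is an assumption for illustration.
$ExecutableExt = '.exe', '.msi'
$DocumentExt   = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.png'

function Test-ExplorerHidesExtensions {
    # HideFileExt = 1 (or missing, the Windows default) means Explorer shows
    # "Invoice.pdf.exe" as "Invoice.pdf".
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($null -eq $value -or $value -eq 1)
}

function Get-FileTypeVerdict {
    param([Parameter(Mandatory)][string]$Name)

    # Windows decides how to open a file from the LAST extension only.
    $ext   = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    # An extension left inside the stem is what the sender wants you to read.
    $inner = [System.IO.Path]::GetExtension($stem.Trim()).ToLowerInvariant()

    $verdict = if ($ExecutableExt -notcontains $ext) {
        'not a program or installer'
    } elseif ($DocumentExt -contains $inner) {
        "program posing as a $inner document"
    } else {
        'program or installer'
    }

    [pscustomobject]@{ Name = $Name; RealExtension = $ext; Verdict = $verdict }
}

if (Test-ExplorerHidesExtensions) {
    Write-Warning 'Explorer is hiding known file extensions; names shown there may be incomplete.'
}

# Constructed sample names (not real files).
$samples = 'Invoice_2021.pdf', 'Invoice_2021.pdf.exe', 'setup.msi', 'holiday.jpg'
$samples | ForEach-Object { Get-FileTypeVerdict -Name $_ } | Format-Table -AutoSize
```

To check real files instead of the samples, pipe `Get-ChildItem -File` for the folder in question and pass each item's `Name` to `Get-FileTypeVerdict`.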
Microsoft’s guide to protecting against ransomware lists some of the things that can lead to your computer becoming infected:
• Visiting unsafe, suspicious or fraudulent websites.
• Opening attachments to files you didn’t expect or from people you don’t know.
• Opening malicious or bad links in email, Facebook, Twitter, and other social media posts, instant messaging, or SMS chats.
Keep your software updated
It is also important to make sure that the operating system and software that you regularly use have the latest security patches. Most browsers update automatically, and Windows usually installs updates as they become available. To manually check for updates, go to “Settings” > “Windows Update” and click the “Check for Updates” button.
You can update any applications installed through the built-in Windows Store by going to the Microsoft Store application, clicking the “Library” button in the lower left corner, and then clicking the “Get Updates” button to find available updates. You can also click the “Update” button in individual applications or the “Update All” button at the top of the page.
Make sure to have backups
While ransomware protection and safe browsing habits can help you stay safe, no system is perfect. It is important to have a backup of your computer files so that you do not lose your most valuable photos, videos and documents in case of ransomware infection. Backups can also save you from data loss if your computer is physically damaged, lost, or stolen.
You can read our guide on backing up a computer here. If possible, it’s best to have two different forms of backup: one local and the other cloud-based. However, having any type of backup is much better than having nothing.
What to do if your computer is infected with ransomware
If all security has failed and you discover that your computer is infected with ransomware, there are three important steps to follow:
- Disconnect your computer from your Wi-Fi or Ethernet network – Some ransomware can spread to other computers connected to your network, so it’s important to limit the damage.
- Don’t pay the ransom – This may be illegal depending on where the hackers trying to extort you are located, and paying does not guarantee that you will actually be able to access your files.
- Don’t connect backups if you have them – ransomware will most likely try to destroy these files as well.
Microsoft recommends that you perform a full computer scan with Windows Security. (Another good application to try is Malwarebytes, which is well known for its ability to remove malware from your computer and is free for personal use.) If neither of these applications works, you may need to completely reset your computer.
Finally, if you are unsure that you can remove ransomware yourself, take your computer to a professional – it’s best to make sure it’s fully clean before trying to recover your backups.
Enabling the “Controlled Folder Access” feature ensures that unauthorized applications cannot make changes to files in some protected folders.
How To Turn on Windows 10 Ransomware Protection
To enable ransomware protection in Windows 10, you can do the following:
1. Open Windows Security
In Windows 10, type “security” in the search bar and select the Windows Security app to get started. Once Windows Security is initialized, go to the left-hand menu and select “Virus & Threat Protection” (it has a shield icon).
2. Manage ransomware protection
On the Virus & Threat Protection page, scroll down until you see a section called Ransomware Protection. Look for the Manage Ransomware Protection link and click on it to continue.
3. Enable Controlled Folder Access
Look for the Controlled Folder Access section and make sure the switch is turned on. This will automatically start ransomware protection.
4. Allow the required access to some applications
After you turn on Controlled Folder Access, look under it for the option “Allow an app through Controlled folder access”. Here you can manage which applications have access.
By default, Controlled Folder Access stops files from being accessed by any application that it doesn’t know (probably most third-party applications you use). This can be a problem if the application actually requires access to the file. Select this option to allow a specific application to use your files.
5. Configure OneDrive File Recovery
If you don’t have Microsoft’s OneDrive cloud solution, the Ransomware Protection window will suggest setting up OneDrive. This allows you to store your key files both in the OneDrive cloud and on the local hard drive, so you can access them even when ransomware prevents local files from being accessed.
Basic OneDrive is free and includes single file recovery. If you’ve previously set up OneDrive, select “View Files” to confirm that your primary files are already in OneDrive.
Potential Drawbacks of Windows Ransomware Protection
Now that you are familiar with this feature, you may be wondering why it isn’t enabled by default. Here are some of the downsides to using Windows ransomware protection in some cases:
- It only prevents data encryption – attackers are still able to extract files and extort the organization by threatening to publish confidential data.
- Malware running as administrator – This solution is unable to protect against malware that elevates privileges and runs as administrator, as it can then disable ransomware protection.
- False positives – This feature tends to produce false positives, which can lead to another series of problems. For example, if a trusted program is considered doubtful, the warning may appear at an inappropriate time. This may crash the program or prevent you from saving your work.
- Limited functionality – It is not possible to tell in advance which programs Microsoft will consider suspicious. Therefore, it is difficult to know in advance if your popular applications or games will function properly when ransomware protection is turned on. A possible solution to prevent trusted programs from being marked as suspicious is to whitelist trusted programs for folders, but this can be complicated for people who may not be technically skilled, as it involves locating the executable used to run the program.
- Comprehensive management – Any files on an external hard drive or on a shared network must be manually added to the list of protected folders. It’s not always easy or fast.
So, while there are advantages to using Windows ransomware protection, all aspects should be considered. Consider your willingness to make a variety of manual adjustments when something isn’t working normally. For some, it may be simpler to just disable Controlled Folder Access and invest in a powerful antivirus for Windows to stop threats like ransomware in real time.
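The setup steps above and the false-positive drawback can both be handled from PowerShell with the Microsoft Defender cmdlets. The script below is an added example, not part of the original article or of Microsoft's documentation, and it goes beyond the GUI steps by starting in audit mode, where writes to protected folders are logged instead of blocked, so you can see which applications need allowing before you enforce. The folder and application paths are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: Controlled Folder Access (CFA) managed with the Defender cmdlets.
param(
    # Assumed paths for illustration; replace with your own.
    [string]$ExtraFolder = (Join-Path $env:USERPROFILE 'Desktop\Projects'),
    [string]$TrustedApp  = 'C:\Program Files\ExampleVendor\Editor\editor.exe',
    [switch]$Enforce,      # omit to stay in audit mode (log only, block nothing)
    [int]$Days = 7         # how far back to read Defender events
)

# Step 3 of the GUI procedure. AuditMode logs what would have been blocked.
$mode = if ($Enforce) { 'Enabled' } else { 'AuditMode' }
Set-MpPreference -EnableControlledFolderAccess $mode

# "Add Protected Folder": protect a folder outside the default set.
if (Test-Path -LiteralPath $ExtraFolder -PathType Container) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
} else {
    Write-Warning "Folder not found, not added: $ExtraFolder"
}

# Step 4: allow one specific executable. Allow by full path only, never a
# whole directory that other programs can write to.
if (Test-Path -LiteralPath $TrustedApp -PathType Leaf) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
} else {
    Write-Warning "Application not found, not allowed: $TrustedApp"
}

function Get-CfaEvent {
    param([int]$Days = 7)
    # 1123 = write blocked, 1124 = write audited,
    # 5007 = a Defender setting changed (for example CFA being switched off).
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124, 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_   # keep a reference; switch rebinds $_
            $kind = switch ($evt.Id) {
                1123 { 'Blocked' }
                1124 { 'Audited' }
                5007 { 'ConfigChanged' }
            }
            $fields = [ordered]@{ Time = $evt.TimeCreated; Kind = $kind }
            # Copy every named event field as-is rather than assuming field names.
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                if ($d.Name) { $fields[$d.Name] = $d.'#text' }
            }
            [pscustomobject]$fields
        }
}

# Current state, then recent events to review before re-running with -Enforce.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List
Get-CfaEvent -Days $Days | Format-List
```

Run it once without `-Enforce`, use your applications normally for a few days, allow the legitimate programs that appear as `Audited`, then run it again with `-Enforce`.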
How can I remove ransomware?
They say an ounce of prevention is worth a pound of cure. This is certainly true when it comes to ransomware. If an attacker encrypts your device and demands a ransom, there is no guarantee that they will decrypt it, whether or not you pay.
That’s why it’s so important to be prepared before getting hit by ransomware. The two key steps to follow are:
- Install security software before you get hit by ransomware
- Back up important data (files, documents, photos, videos, etc.)
If you find yourself with a ransomware infection, rule number one is never to pay the ransom. (Now that’s advice endorsed by the FBI.) All it does is encourage cybercriminals to carry out additional attacks on you or someone else.
One of the potential ransomware removal options is the ability to recover some encrypted files with free decryptors. To be clear: not all ransomware families have decryptors made for them, in many cases because the ransomware uses advanced and sophisticated encryption algorithms. And even if there is a decryptor, it’s not always clear if it’s the correct version of the malware. You don’t want to further encrypt your files with the wrong decryption script. Therefore, you need to pay close attention to the ransom-demand message itself or seek advice from a security / IT specialist before trying anything.
Other ways to deal with a ransomware infection include downloading a security product known for remediation and running a scan to remove the threat. You may not get your files back, but you can rest assured that the infection will be removed. In the case of screen-locking ransomware, a full system recovery may be required. If that doesn’t work, you can try running a scan from a bootable CD or USB drive.
If you want to try to thwart an encryption ransomware infection in action, you need to be extremely vigilant. If you notice that the system slows down for no reason, shut it down and disconnect from the Internet. If the malware is still active after restarting, it won’t be able to send or receive instructions from the command and control server. This means that malware may remain idle without a key or payment method. At this point, download and install the security product and run a full scan.
However, these ransomware removal options will not work in all cases. As mentioned above, customers should proactively protect themselves from ransomware by installing security software such as Malwarebytes Premium and backing up all important data. For businesses, learn more about Malwarebytes’ business solutions that include ransomware detection, prevention, and recall.
How do I protect myself from ransomware?
Security experts agree that the best way to protect yourself from ransomware is to prevent it from happening in the first place.
While there are methods to deal with a ransomware infection, they are imperfect solutions at best and often require much more technical skill than the average computer user. Here’s what we recommend to people to avoid the effects of ransomware attacks.
The first step in preventing ransomware is to invest in strong cybersecurity – a real-time protection program that is designed to prevent advanced malware attacks such as ransomware. You should also look for features that both protect vulnerable programs from threats (anti-exploit technology) and block ransomware from holding files hostage (anti-ransomware component). Customers who used the premium version of Malwarebytes for Windows, for example, were protected against all major ransomware attacks of 2017.
Then, while it may hurt, you need to make regular and secure backups of your data. We recommend using a cloud storage that includes high-level encryption and multi-factor authentication. However, you can buy a USB or external hard drive to save new or updated files to – just make sure to physically disconnect your devices from your computer after backing it up, otherwise they may also be infected with ransomware.
Then make sure your systems and software are up to date. The WannaCry ransomware epidemic has taken advantage of a Microsoft software vulnerability. Although the company released the patch for the vulnerability in March 2017, many people did not install the updates, leaving them vulnerable to attack. We understand that it is difficult to stay on top of the ever-growing list of updates from the ever-growing list of software and applications used in everyday life. Therefore, we recommend that you change your settings to enable automatic updating.
Finally, stay informed. One of the most common ways ransomware infects computers is through social engineering. Teach yourself (and your employees, if you are a business owner) how to spot malicious spam, suspicious websites, and other scams. Above all, use common sense. If it seems suspicious, it probably is.
Extra Steps to Protect Your PC
This built-in protection is one of the best protections against ransomware. Still, it doesn’t hurt to take a few extra steps as well. Here are some additional ways to keep your files safe:
- Make regular backups of any important data.
- Never click on links on suspicious websites or unsolicited e-mail.
- Only download apps from trusted, proprietary app stores.
- Install and use an anti-malware program.
- Keep all your software up to date.
If you believe you have been the victim of a ransomware attack, you can report it to authorities such as the FBI or CISA. Follow these experts’ advice and never pay the ransom as your data may not be recovered.
Stay Safe From Ransomware
Ransomware is a scary and very real threat, but you don’t need to be vulnerable. Stay safe with tools like Windows 10 ransomware protection and good cyber hygiene. You can then surf the Internet freely without worrying about losing your valuable files.