Protect Your Data From Ransomware With These 5 Steps

Christian Cawley 19-09-2016

You’re concerned about ransomware, but don’t know how to protect yourself. Don’t worry, just follow these five steps to avoid your data being hijacked and put to ransom.


Just in case you’ve somehow ignored (or are unaware of) the threat from ransomware, it’s time to get up to speed.

Ransomware is a form of malicious software, more commonly known as malware, that encrypts your data. The key to decrypting that data is hidden from you until you fork over a ransom, which usually starts at an unreasonable price and increases the longer it takes you to pay.

Ransomware Prevention Cryptolocker
Christiaan Colen via Flickr

Various ransomware threats have been identified over the past few years, with the TorrentLocker infection TorrentLocker Is A New Ransomware Down Under. And It's Evil. Read More among the most common. CryptoLocker is also a well-known ransomware scam, although it is possible to find a decryption tool CryptoLocker Is Dead: Here's How You Can Get Your Files Back! Read More for this now.

More recently, we’ve had the arrival of JavaScript ransomware Your New Security Threat for 2016: JavaScript Ransomware Locky ransomware has been worrying security researchers, but since its brief disappearance and return as a cross-platform JavaScript ransomware threat, things have changed. But what can you do to defeat the Locky ransomware? Read More , while the infamous FBI Ransomware is capable of hitting Android devices FBI Ransomware Hits Android: How to Avoid Getting It (And Remove It) Learn how to keep your Android device safe from FBI Ransomware with these tips. Read More just as easily as it can infect Windows PCs. Ransomware is even affecting more and more Mac users, making it one of the key threats to Apple users What Security Threats Face Mac Users In 2016? Deserved or not, Mac OS X has a reputation for being more secure than Windows. But is that reputation still deserved? What security threats exist for the Apple platform, and how are they affecting users? Read More .


So, it’s time to find a strategy to block ransomware. After all, prevention is better than a cure.

5 Steps to Defend Against Ransomware

You don’t want to be affected by ransomware. Your data is yours, not a toy for some faceless scammer to take off you until you pay up, usually in Bitcoin or some other cryptocurrency. Fortunately, we have some steps you can take — and behaviors you can adopt — to keep your data out of the hands of the scammers.

1. Make regular backups.

This is Ransomware Defense 101. The scammers want to restrict access to your data, but if you have a recent backup copy of it, they’ve already lost. Organize your vital data so that it is stored in a single location, and regularly back it all up. Your backup schedule should be based on how often your files are updated. Daily user? Backup daily.

Ransomware Windows 10 Update Schedule


2. Keep your computer updated.

Whatever platform you’re using, desktop, tablet, or smartphone, stay up-to-date with your operating system updates and upgrades. Did you disable Windows Update Windows Update: Everything You Need to Know Is Windows Update enabled on your PC? Windows Update protects you from security vulnerabilities by keeping Windows, Internet Explorer, and Microsoft Office up-to-date with the latest security patches and bug fixes. Read More ? Switch it back on, and make sure you’re running the latest version.

3. Spot suspicious files, enable file extensions.

One way of combating ransomware (and other malware) is to use your eyes. Many malicious tools have multiple file extensions (such as, for example, .PDF.EXE which immediately identifies them as dangerous, if you know what you’re looking for. By enabling file extensions in Windows How to Change Windows 10 File Associations and Default Programs Default programs depend on the right file type associations. Set default programs and change file associations in Windows 10. Read More , you can spot and delete them (or let your anti-virus software destroy them).

4. Use mail filtering.

In 2016 there is no way that you should be using a desktop email client that doesn’t scan the incoming messages for malware and phishing attempts How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More . If you don’t, at least set up a rule that filters out, and deletes, email-bound EXE files. These should never be sent via email and never be opened when received.

5. Employ an internet security suite.

As with all data security challenges, the best protection you’ll get from ransomware is with a competent internet security suite. While the free internet security tools What Is The Best Free Antivirus Software? [MakeUseOf Poll] Because no matter how careful you are when using the Internet, it's always advisable to have antivirus software installed on your computer. Yes, even Macs. Read More are good enough for live scanning and as firewalls, you’ll need to consider a paid alternative.


Ransomware Security Suite BitDefender 2016

When it comes to ransomware protection, premium internet security suites offer tools that protect your personal folders. By blocking permission to these directories, your data should remain safe. Various suites offer this feature, including BitDefender Bitdefender Internet Security 2015: The Ideal Choice For Home PCs [Giveaway] Offering anti-virus, privacy protection, safe banking, firewall and parental control for just $79.95, Bitdefender Internet Security 2015 would seem to be the optimum choice for anyone looking to give their home computer security a boost. Read More .

Tactics That Won’t Stop Ransomware

You may have read or heard about other strategies you can use to defend against, or undo the encryption caused by ransomware. Unfortunately, many of these are now out of date. We’ll take a look at them below.

You already encrypted your data — This will not stop further encryption. Just as an envelope can be placed in another envelope, or a ZIP file zipped up again, so an encrypted directory or entire hard disk drive can be encrypted a second time.


Using system restore — In the early days of ransomware, you would have a good chance at recovery by simply employing Windows system restore to wind back the clock. These days, however, ransomware is usually programmed to delete the system restore files.

Ransomware Windows 10 System Restore Ineffective

Set the BIOS clock back — Another time-related fix that no longer works. Adjusting the BIOS clock to an earlier period can help increase the time you have remaining to pay a ransomware demand. However, if you’ve kept backups of your data, there should be no need to do this. Paying criminals doesn’t make the problem go away. They’ll just target you again and again.

Generally speaking, if you’ve looked up a tactic for circumventing ransomware, and the article is three or more years old, you can be reasonably confident that it won’t work. These scammers are no fools when it comes to encrypting your data and holding it to ransom. But if you follow our five steps above, you can at least be confident that you can deal with a ransomware attack without paying in untraceable Bitcoin to get your data back.

We want to know if you’ve been hit by ransomware. Did you pay the demand? Perhaps you overcame the infection by other means. Tell us about it in the comments.

Related topics: Computer Security, Online Security, Ransomware.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. rk
    May 7, 2018 at 6:58 pm

    Thanks for the info. I like articles that are geared towards beginner/intermediate IT folks or home users. In the past few months, twice, I got a big red message on my laptop that my PC was infected. I couldn't close the window but I did manage to kill it via task manager. It came back once or twice but once I rebooted, it went away. Nothing is infected, my guess is they were trying to scare me? Most of my data is on an USB external hard drive and I plug it in infrequently to write to it or pull data from it. I also have a second 2 TB hard drive that I bought as a second back up but haven't had started using it yet. Looks like I am better off with manual back up from one drive to the other, rather than automatic backup between drives as that will need both drives being connected all the time and thus making them susceptible to ransomware/encryption etc.

  2. Wally Veniot
    April 21, 2018 at 5:34 pm

    After installing kaspersky free my [remote assistance] was activated and all my files rummaged through.After a pro scrubbing with several tools i disabled that built-in tool and encrypted my 1 terabyte drive.It seems to have worked.

  3. Doug
    September 25, 2016 at 2:40 am

    I had a customer that got hit with a ransomware virus a few months back. We were running backups of data files, Quickbooks company files, documents, images, etc., using Crashplan. The Crashplan app did indeed overwrite the good files with the encrypted files. However, Crashplan is versioned, meaning we could go back to a point in time BEFORE the files were encrypted. It took a couple of days, but we were back up and running with no meaningful data loss and, most importantly, we didn't pay the crooks anything. It seems that off-site versioned backup are the secret sauce now. I just set up Carbonite for a customer and they are versioned as well. Off-site backups may be a bit unwieldy for most for system state backups, but are pretty easy to set up for data backups.

  4. Doug
    September 25, 2016 at 2:36 am

    I had a customer that got hit with a ransomware virus several months back. We were running backups of the data files, Quickbooks company files, documents, images, etc., using Crashplan. The Crashplan app did indeed overwrite the good files with the bad encrypted files. However, Crashplan is versioned, meaning we could go back to a point in time BEFORE the files were encrypted. It took a couple of days to pull it all down, but we were back up and running without any meaningful data loss and, most importantly, without paying the crooks anything. I just set up Carbonite for a customer and they are versioned as well. It seems off-site, versioned backups are the secret sauce right now. Probably too unwieldy for system state backups, but manageable for data backups.

  5. P.M. Reuvers
    September 22, 2016 at 5:23 am

    Why my commend isn't published, I tried many times :-(

    • P.M. Reuvers
      September 22, 2016 at 12:57 pm

      Ransomeware don't need administrative privileges and works in the some context as the user. Almost all ransomeware put executable s in the users profile, and execute these. the solution is to block executing from this areas.
      The use of the program "Cryptoprevent " ( is the 6th step in this list.

      So don't let users execute files in writeable area's and the risk for ransomeware is minimized.

  6. P.M. Reuvers
    September 22, 2016 at 5:17 am

    Ransomeware don't need administrative privileges and works in the some context as the user. Almost all ransomeware put executable s in the users profile, and execute these. the solution is to block executing from this areas.
    The use of the program "Cryptoprevent " ( is the 6th step in this list.

    So don't let users execute files in writeable area's and the risk for ransomeware is minimized.

  7. P.M. Reuvers
    September 21, 2016 at 9:22 am

    Ransomware don't need administrative privileges, It uses the users context and write files at places where users can write, in almost all cases is the user profile directory's.

    I Use Cryptoprevent (, It blocks executing executable files like .exe and is a good ransomware protection.

  8. Colin
    September 21, 2016 at 12:34 am

    I try to follow ransomeware stories, but one thing I have not been able to find out about is if you have a multi-boot setup with Windows and Linux. Can any ransome ware as of today, bork your grub set up so that you cannot boot into Linux anymore? I am thinking of when you are using Windows and get hit.

    • Christian Cawley
      September 21, 2016 at 5:51 pm

      I'm afraid I don't know the answer to this, but would be equally interested to find out. I *suspect* ransomware will only hit the Windows partition, but equally it would be unusual for this to be the case with a mature ransomware script.

  9. BadDog
    September 20, 2016 at 6:28 pm

    My wife opened an email and got hit with the Lockey variant of Zepto ransomware. I was able to remove the source but not decrypt the locked files. Hell no I didn't pay. There is no way my wife (or I) will fool around with elaborate back up schemes, but I had saved most of her documents and pictures to a thumb drive a week before.

    • Christian Cawley
      September 21, 2016 at 5:51 pm

      Fortunate! Thanks for sharing, BadDog

  10. Heinz
    September 20, 2016 at 5:58 pm

    If you back up to the cloud, then there is a good chance that when you are hit with Ransomware, your encrypted files are also backed up to the cloud - replacing the good backup files there with encrypted ones. Some cloud services have a rubbish bin where the original files go, but that is usually limited, and can not be 100% relied upon.
    I resorted to leave the local client of the Cloud backup service off, and only start it when I want to backup to the cloud. Before starting the cloud client, check one or 2 files, by double clicking them and see if they are ok. Then check the Disk activity light: after a while it should go off, and stay off - that tells you that nobody is busy encrypting. It is then safe to do the backup.
    There is also a danger with networks, because some newer Ransomware can also access files available over the network, and encrypt them as well. The same happens with a backup drive connected permanently to the network.

    • Christian Cawley
      September 21, 2016 at 5:53 pm

      The way around this would be to disconnect from the internet and close your cloud syncing apps at the moment the ransomware is revealed. Not ideal, I grant you, and ransomware is becoming more sophisticated, as you note.

  11. Hank
    September 20, 2016 at 1:11 pm

    I overall liked this article. My only issue is the part about backups. Yes you should be backing up either with a Windows service or a snapshot tool like Rollback Rx or Comodo Time Machine but you also ABSOLUTELY need to have an off-site backup. This is often times not mentioned. It's fine having backups on the machine itself but you should also have a disk image off site. For what it's worth I use Rollback rx and Drive Cloner and that's a really solid combo.

    • Darryl Gittins
      September 20, 2016 at 2:55 pm

      Good point. Ransomware can infect network drives and obviously also external drives, so those backups can't be trusted. Another option in addition to cloud services is an external drive that is manually disconnected after completing a backup. It's an extra step of complication but also a very solid additional level of safety. The disconnected drive only needs to be used a few times a year to keep your most important content (family photos) safe.

    • Christian Cawley
      September 21, 2016 at 5:55 pm

      Hi Hank, when you say "off site", are you suggesting storage on a separate device, or the full corporate-style remote location? Would be interesting to know if anyone offers that as a service for standard users.

    • Hank
      September 22, 2016 at 12:19 pm

      Seperate stroage device. There's services like the other you mention. I thought Iron Mountain offers personal service, or used to.

    • Christian Cawley
      September 22, 2016 at 1:16 pm

      Thanks, Hank!

  12. Nick Barker
    September 20, 2016 at 9:07 am

    Only the OS runs from my maindrive. And it runs in a sandbox. After a restart I've got rid of all changes. All data is kept on external USB harddrives which are backed up and back ups are read only. To write on them I have to switch them conciously and watch the procedure. During that I'm, off course, OFFLINE! Surfing the web is done only with a Linux Live System running from a CD with harddrives switched off. So there is nothing to be written back to any form of kept memory at all. Keeping important information is done just graphically through a screenshot with a high resolving digital camera. It sounds a bit uncomfortable, but it keeps me from falling in to hell!

    • Darryl Gittins
      September 20, 2016 at 2:56 pm

      Good strategy, but unfortunately beyond the ability of the average user.

      • fred
        February 1, 2020 at 10:52 pm

        An excellent strategy.
        An of prevention/inconvenience is worth a pound of cure.

        For many years in the past I duel booted linux and winxp.
        I deleted all the windows network modules, browsers, etc. . .

    • Santi
      September 21, 2016 at 4:27 am