How to Recognize and Prevent Ransomware

Plus what to do if your device is under attack.


Technology-based attacks have been on the rise for decades, but in the last few years, ransomware attacks have reached epidemic proportions. Ransomware impacts big businesses and average people alike, and it’s growing in both sophistication and prevalence. These attacks doubled in frequency in 2021, according to Verizon, costing each victim an average of more than $11,000 in damages.

Are you at risk? And what can you do about ransomware? Here’s what the experts say.

What is ransomware?

Ransomware is a type of malware that works much like a classic computer virus, although ransomware is designed with a specific way of causing damage. Once installed on your computer, it encrypts files—generally everything it can find—which locks them and makes them completely unusable to you. At this point, the attacker makes themselves known, demanding a ransom (usually paid in untraceable bitcoin) in return for the key that will decrypt your files and return them to usability.

This combination—encrypted files, held hostage for a ransom—is what makes ransomware both so unique and so dangerous. Attackers can gain millions of dollars from a single successful attack, and tracking down perpetrators has proven incredibly difficult for law enforcement. Meanwhile, ransomware attacks are easier than ever for attackers to undertake. All of this has combined to fuel the incredible growth rate of ransomware attacks.


How to Prevent a Ransomware Attack

At its simplest, ransomware is prevented by the same tactics that prevent any type of malware attack. That starts by making sure you are running up-to-date security software on all your devices, says Dana Simberkoff, Chief Information Security Officer for AvePoint, a data management company. Free security packages such as Malwarebytes and Avast One are readily available for many platforms, so there’s no excuse not to run one of them.

Understanding good “cyber hygiene” is next: That means following the age-old advice against visiting risky websites, opening suspicious email attachments—even those that appear to be emailed by a trusted friend—and giving out passwords or other personal information online or over the phone. Simberkoff says it’s critical for all users to train themselves to “think before they click.”

Lastly, a key component of any ransomware defense is backing up data. Ransomware’s use of file encryption software means all those financial documents, prized family photos, and your half-finished novel can all be locked in seconds. Backups—preferably stored offline on a USB hard drive or similar device that you only plug in periodically—are the gold standard for ransomware recovery. (Backups accessible on your home network can also become infected.) With a good, recent backup in hand, it’s relatively easy to recover from an attack and get all your data back. Many external hard drives include backup software preinstalled; try setting a daily or weekly reminder to prompt you to use it.


What to Do If You’re Under a Ransomware Attack

The biggest question asked by ransomware victims is: Should I pay the ransom? Universally, the answer is no. Mike Wills, a prolific cybersecurity book author and a professor at Embry-Riddle University, says, “There’s no guarantee that your data will come back to you in usable form if you pay. Many of these attacks destroy your system files with a one-way form of encryption that cannot be undone.” In addition, paying a ransom can follow you for years, marking you as a victim who is willing to pay: a cash cow who can be attacked over and over again.

Your best recourse is to ignore financial demands, then reinstall your operating system and restore your files from backup, overwriting the malware permanently.

What if you don’t have backups? Antimalware software like the packages mentioned above can help prevent some infections, but it can’t retrieve any encrypted data for you once the malware is installed. Focus on protecting what you have by disconnecting the infected machine from your home network and the internet, then use a separate device (like a phone or public computer) to make sure any data stored online is still safe. Again: Making regular backups is the only surefire way to prevent disaster in the long term, so get started with them today.