Ransomware is malware that encrypts your files or stops you from using your computer until you pay money (a ransom) for them to be unlocked. If your computer is connected to a network the ransomware may also spread to other computers or storage devices on the network.
Some of the ways you can get infected by ransomware include:
- Visiting unsafe, suspicious, or fake websites.
- Opening file attachments that you weren’t expecting or from people you don’t know.
- Opening malicious or bad links in emails, Facebook, Twitter, and other social media posts, or in instant messenger or SMS chats.
You can often recognize a fake email and webpage because they have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Ransomware can target any PC—whether it’s a home computer, PCs on an enterprise network, or servers used by a government agency.
Caution: Mobile devices can get ransomware too!
How can I help keep my PC secure?
Make sure your PC is up to date with the latest version of Windows and all the latest patches. Learn more about Windows Update.
Be sure Windows Security is turned on to help protect you from viruses and malware (or Windows Defender Security Center in previous versions of Windows 10).
In Windows 10 turn on Controlled Folder Access to protect your important local folders from unauthorized programs like ransomware or other malware.
Get ransomware detection and recovery with Microsoft 365 advanced protection.
Back up your files with File History if it hasn’t already been turned on by your PC’s manufacturer. Learn more about File History.
Store important files on Microsoft OneDrive. OneDrive includes built in ransomware detection and recovery as well as file versioning so you can restore a previous version of a file. And when you edit Microsoft Office files stored on OneDrive your work is automatically saved as you go.
Use a secure, modern, browser such as Microsoft Edge.
Restart your computer periodically; at least once a week. This can help ensure the applications and operating system are up-to-date and helps your system run better.
Note: If you’re a small business owner consider using Microsoft 365 Business Premium. It includes Microsoft Defender Advanced Threat Protection to help protect your business against online threats.
If you suspect you’ve been infected
Use antimalware programs, such as Windows Security, whenever you’re concerned your PC might be infected. For example, if you hear about new malware in the news or you notice odd behavior on your PC. See Virus & threat protection in Windows Security for how to scan your device.
If you actually get a ransomware infection
Unfortunately, a ransomware infection usually doesn’t show itself until you see some type of notification, either in a window, an app, or a full-screen message, demanding money to regain access to your PC or files. These messages often display after encrypting your files.
Try fully cleaning your PC with Windows Security. You should do this before you try to recover your files. Also see Backup and Restore in Windows 10 for help on backing up and recovering files for your version of Windows.
Don’t pay money to recover your files. Even if you were to pay the ransom, there is no guarantee that you’ll regain access to your PC or files.
What to do if you already paid
If you’ve already paid the ransom, immediately contact your bank and your local authorities. If you paid with a credit card, your bank may be able to block the transaction and return your money.
You can also contact the following government fraud and scam reporting websites:
- In Australia, go to the SCAMwatch website.
- In Ireland, go to the An Garda Síochána website.
- In New Zealand, go to the Consumer Affairs Scams website.
- In the United Kingdom, go to the Action Fraud website.
- In the United States, go to the On Guard Online website.
If your region isn’t listed here, Microsoft recommends that you contact your region’s federal police or communications authority.
For an illustrated overview about ransomware and what you can do to help protect yourself, see The 5Ws and 1H of ransomware.
If you’re in an enterprise, see the Microsoft Malware Protection Center for in-depth information about ransomware.
We recommend you do this today and avoid the debate over whether you should pay the ransom.
What You Need to Know About Ransomware
Ransomware is a kind of malware designed to lock you out of your computer unless you pay a ransom. It usually encrypts your files to lock you out, and the ransom is typically in cryptocurrency. Ransomware usually targets corporate, enterprise, and government entities, but individuals can and do get pulled into the fray.
The software is increasingly sophisticated with new variants arriving all the time. While most criminals treat an attack as a transaction, some ransomware authors seem to revel in screwing with victims. Last year, we learned about ZENIS, ransomware that purposely deletes backups. And more recently, GermanWiper, which doesn’t encrypt your files at all—it simply deletes them and demands a ransom anyway. Hapless victims who pay have nothing to decrypt because their files were gone from the start.
And there are more attack vectors than ever.
“Ransomware is now being transmitted in a variety of mechanisms making it increasingly difficult for end-users to stay protected,” said Victor Congionti, chief information officer at cybersecurity firm Proven Data. “Traditionally, ransomware has been distributed via email campaigns that rely on gullible users to download malicious links.” But he also said, “Ransomware is increasingly distributed in nontraditional ways.”
Criminals now disguise it in apps and unvetted software. Or, they transmit it through spear-phishing attacks, in which they target individuals within an organization who are more likely to click on suspicious links.
Protecting Against Ransomware
What is ransomware?
Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. (See Protecting Against Malicious Code for more information on malware.) After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands. (See the FBI’s ransomware article.)
How does ransomware work?
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
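As an added example (not part of the original advisory), the PowerShell function below scans a folder tree for files carrying the extensions listed above and summarizes the hits per directory, which helps scope which drives and shares were touched. The function name Find-RansomwareExtension and the sample files it creates in a temporary folder are constructed for illustration.

```powershell
# Added example: triage scan for the file extensions listed in the text.
# Find-RansomwareExtension is a hypothetical helper name, not a built-in cmdlet.
$KnownExtensions = '.aaa', '.micro', '.encrypted', '.ttt', '.xyz', '.zzz',
                   '.locky', '.crypt', '.cryptolocker', '.vault', '.petya'

function Find-RansomwareExtension {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string[]] $Extensions = $KnownExtensions
    )
    # -contains compares case-insensitively, so ".LOCKY" matches ".locky".
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension } |
        Group-Object -Property DirectoryName |
        ForEach-Object {
            # Oldest and newest write times bracket when the folder was hit.
            $sorted = @($_.Group | Sort-Object -Property LastWriteTime)
            [pscustomobject]@{
                Directory  = $_.Name
                Hits       = $_.Count
                Extensions = (@($_.Group.Extension | Sort-Object -Unique) -join ',')
                FirstWrite = $sorted[0].LastWriteTime
                LastWrite  = $sorted[-1].LastWriteTime
            }
        } |
        Sort-Object -Property Hits -Descending
}

# Constructed sample tree so the example runs offline; these are empty dummy files.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('ext-scan-demo-' + [guid]::NewGuid())
$samples = 'Documents\budget.xlsx.locky', 'Documents\notes.txt.locky',
           'Documents\plan.docx', 'Pictures\cat.jpg.crypt'
foreach ($rel in $samples) {
    $file = Join-Path $demo $rel
    New-Item -ItemType Directory -Path (Split-Path -Parent $file) -Force | Out-Null
    New-Item -ItemType File -Path $file -Force | Out-Null
}

# Expect two rows: Documents with 2 hits (.locky) and Pictures with 1 hit (.crypt).
Find-RansomwareExtension -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Some of these extensions are also used by legitimate software, so treat hits as leads to review rather than proof of infection.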
How is ransomware delivered?
Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.
Windows 10 ransomware protection remains the first line of defense for consumers using Windows in 2021.
Ransomware not only denies access to your data but demands a ransom be paid. And criminals are increasingly turning to so-called “double extortion,” where they threaten to expose sensitive user data if a separate ransom isn’t paid.
And the size of payments is on the rise. In 2020, the average cost of ransomware nearly tripled to $312,493 and the ‘highest amount paid’ doubled to $10 million, according to Palo Alto Networks.
Are you protected? Windows ransomware protection basics
Unbeknownst to many consumer users of Windows, Microsoft offers built-in ransomware protection as part of Windows Defender, found under Virus & Threat Protection.
The basics for turning it on aren’t complicated: type “Ransomware Protection” in the Windows 10 Cortana search bar (typically in the bottom left of the screen), then go to the “Ransomware Protection” screen.
You’re given the option to turn on Controlled Folder Access. Turn it on. Then you have the option to select which folders you want protected* by clicking on “Protected Folders.”
On the next Protected Folders screen, you will see that some folders are already listed and protected by default, others you can add yourself.
The State of Windows Defender Ransomware protection — with some surprises
In a YouTube video, The PC Security Channel, an organization sponsored by the Ingenuity Lab, University of Nottingham, ran tests earlier this year to demonstrate the level of protection you can expect from Windows Defender.
While the online protection test let only a single ransomware “sample” get through (see 2:20 mark), the offline protection was much more dicey (see: 7:40 mark) with 10 samples missed.
The PC Security Channel recommends turning on the Controlled Folder Access, as cited above.
Microsoft agrees that cloud protection is critical. “Cloud protections are an important part of defending new malware in real-time,” a Microsoft spokesperson told me. “They allow us to continually enhance our anti-malware and other security features built into our platforms to fight the evolving complexity of threats,” the spokesperson said.
Tactics to fend off ransomware
Cybersecurity professionals strongly suggest that you use a cloud-based file hosting service with automatic backup, such as Microsoft’s OneDrive, so you’re regularly backing up files.
Another good defense is a so-called “air gap” strategy where the external storage device is completely disconnected (i.e., offline) from your computer and the internet. Back up your files, then disconnect the storage device.
Another piece of advice is to separate work and personal devices, says Unit 42 of Palo Alto Networks, a cybersecurity firm. While attackers tend to target corporations, schools, and hospitals, “we may see consumers who are working from home and doing their shopping on their work devices get targeted by attackers,” Unit 42 said.
“While Windows Defender has improved considerably over the years, there are several key areas where it is still largely susceptible to attacks, as we have found during our repeated testing on The PC Security Channel,” Leo, who is the founder of the PC Security Channel, told me in email.
*White list: the goal of ransomware protection in Windows is to block suspicious software but if an app is blocked that you know is safe, Microsoft gives you the option to build a white list. Use the Controlled Folder Access for whitelisting apps. You can do this by going to “allow an app through Controlled folder access.”
Ransomware is a type of malware (it’s also known as ransom malware) that prevents a user from being able to access their computer system or personal files until a ransom payment is made, most often by cryptocurrency or credit card, in order to unblock the locked system and regain access. According to SafeAtLast, ransomware attacks will occur every 11 seconds in 2021 and businesses and individuals will pay an average ransom of $233,217, with global costs exceeding $20 billion.
But when it comes to protecting your PC from a ransomware attack, Windows 10 has you covered, which many people are not aware of. All you have to do is turn it on (more on that in a minute).
Usually, malware is presented as a link or attachment in an email pretending to be from a person or company you know. Once you open the link or attachment, code will be loaded onto your computer and you will be locked out of it.
You can also unknowingly download malware onto your computer by visiting unsafe websites, opening suspicious links on Facebook, Twitter, SMS chats, text messages and other social platforms. Most of the time, you can recognize these fake links because they use strange spellings of companies like “Paypal” as “PayePal” and different variations of Amazon, Apple and Netflix to name a few.
But here’s how you can protect your PC.
1. Keep Your PC Up-to-date
Select the Start button, then select Settings > Update & security > Windows Update > Change active hours > Choose the start and end time for active hours > Select Save.
2. Turn on “Windows Security”
Go to Settings > Update & Security > Windows Security > Virus & threat protection > Manage settings. There you’ll see if the settings for “Cloud-delivered protection” and “Automatic sample submission” are turned on. Turn them on if they aren’t.
3. Turn on “Controlled Folder Access”
Type in “Ransomware Protection” in your PC’s search bar and go to the “Ransomware Protection” screen, where you will be given the option to turn it on and choose which folders you want to protect.
Or you can go to Start > Settings > Update & Security > Windows Security > Virus & threat protection > Virus & threat protection settings > Manage settings > Controlled folder access > Manage Controlled folder access > Protected folders > Add a protected folder and follow the instructions to add folders.
More Tips to Keep Your PC Secure
- Get Microsoft 365 advanced protection, which has ransomware detection and recovery.
- Backup your files with File History.
- Store your important files onto Microsoft OneDrive, which has built in ransomware detection and recovery.
- Use a secure and modern browser.
- Restart your computer at least once a week to ensure the applications and operating system are up-to-date.
Microsoft recommends you NEVER pay a ransom to recover your files if you get a ransomware infection, because there is no guarantee that you’ll regain access to your PC or files. Instead, you should try fully cleaning your PC with Windows Security first.
NotPetya ransomware hit the globe; the vaccine has been found
On Tuesday, a massive NotPetya ransomware attack hit Ukraine, as well as other countries in Europe, Russia, and the United States. Judging from the scale of the attack, the malware might become a huge competitor to WannaCry ransomware.
Currently, researchers are analyzing this cyber threat in order to find its origins, operation peculiarities and ways to stop it. Data recovery is currently unavailable without paying the ransom (not recommended); nevertheless, people can vaccinate their computers to avoid this cyber threat.
However, researchers point out that it’s only a vaccine, not a kill switch. Thus, the discovered solution doesn’t help to disable or terminate the virus.
Inspired by WannaCry, based on Petya
NotPetya was believed to be a new version of Petya ransomware. However, the research revealed that it just uses some parts of Petya’s source code.
The virus also exploits the same system vulnerabilities as WannaCry ransomware. According to the recent data, it uses a modified EternalBlue exploit that allows attackers to take advantage of the Microsoft SMBv1 protocol. What is more, it also uses another NSA exploit, EternalRomance, which targets unsupported Windows OS, starting from Windows XP to Windows 2008.
On the affected system, it targets the network’s administrator tools and continues spreading with the help of PsExec and remote Windows Management Instrumentation (WMI).
Ransomware mainly spreads via compromised networks. Thus, only one insecure and unpatched computer might be responsible for infecting the whole local network.
Vaccine for NotPetya
The first thing NotPetya does on the compromised computer is look for its filename in the C:\Windows\ folder. If the malware finds it, it stops the data encryption procedure. Therefore, users just need to create this file and set it read-only. Then the ransomware won’t be able to cause damage to the computer.
In order to activate vaccination, follow these steps:
1. Go to Folder Options and make sure that “Hide extensions for known file types” option is unchecked. This feature allows seeing file extensions.
2. Open the C:\Windows folder.
3. Find notepad.exe and left-click on it.
4. Press Ctrl + C and Ctrl + V to copy and paste it.
5. In the Destination Folder Access Denied prompt that appears, click Continue. The file called “notepad – Copy.exe” will be created.
6. Left-click “notepad – Copy.exe” and then press F2 on the keyboard. You will be allowed to erase the file name (notepad).
7. Instead of the real name, enter perfc and press Enter.
8. In the prompt that appears, click Yes to rename the file.
9. In the Windows notification that follows, click the Continue button.
10. Once the perfc file is created, you have to set it read-only. Right-click the file and choose Properties.
11. At the bottom of the perfc Properties window, you will see the Attributes section. Mark the checkbox saying “Read-only.”
12. Click Apply and then OK.
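The same result can be scripted. The PowerShell below is an added example, not part of the original article: it creates the perfc file named in step 7 inside the Windows folder, marks it read-only, and reports the outcome. The function name Set-PerfcVaccine is hypothetical, and the script assumes an empty file is sufficient because the text describes a check on the file's presence.

```powershell
# Added example: scripted form of the manual steps above.
# Run from an elevated PowerShell prompt. Set-PerfcVaccine is a hypothetical name.
function Set-PerfcVaccine {
    param(
        # File name taken from step 7 of the text; folder is the Windows directory.
        [string] $Path = (Join-Path $env:windir 'perfc')
    )

    # Writing into the Windows folder requires administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Administrator rights are required to write to the Windows folder.'
    }

    # A folder with the same name would block file creation; fail loudly.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a folder; remove it and run again."
    }

    # Idempotent: only create the file when it is missing.
    # Assumption: an empty file is used instead of a renamed copy of notepad.exe.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Equivalent of ticking "Read-only" in the Properties dialog (steps 10 to 12).
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true

    # Read the attributes back instead of assuming the change was applied.
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
        Created  = $item.CreationTime
    }
}

Set-PerfcVaccine
```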
- September 16, 2019
- 03:35 AM
Windows Defender includes a security feature called “Ransomware Protection” that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection you can for your computer.
If you are a regular reader of BleepingComputer, then you have heard about ransomware. For those not familiar with the term, ransomware is a computer malware infection that encrypts the data on your computer and then demands a ransom in bitcoins to decrypt them.
Ransomware Protection feature
Windows 10 includes a Ransomware Protection feature that is made up of two components: Controlled Folder Access and Ransomware Data Recovery.
Controlled Folder Access will allow you to specify certain folders that you wish to monitor for and block changes to the files contained in them. This will block all programs, but the ones you allow, from making any modifications to the files within monitored folders, which will protect them from being encrypted by ransomware.
The other component is Ransomware Data Recovery, which will automatically sync your common data folders with your Microsoft OneDrive account in order to backup your files. Ransomware victims with this feature enabled can then use OneDrive to recover their files if they ever become encrypted by ransomware.
In Windows 10 version 1903, Windows Defender’s Ransomware Protection is disabled by default. With this guide we will teach you how to enable it so that it can protect your computer against ransomware attacks.
Unfortunately, if you have a third-party antivirus software installed and Windows Defender’s real-time protection is disabled, the Ransomware Protection features screen and the Controlled Folder Access feature won’t be accessible.
How to enable Ransomware Protection in Windows 10
To enable the full Ransomware Protection capabilities of Windows 10, you should configure both Controlled Folder Access and login to Microsoft OneDrive in order to backup your files.
To do this, just follow these steps:
- Click on the Start menu.
- Type Windows Security and select the search result when it appears. You can also access Windows Security by going to the Settings app and navigating to Update & Security > Windows Security.
After opening Windows Security, click on Virus & Threat Protection option.
Scroll down and locate Ransomware Protection and click on the Manage ransomware protection option.
On the next page, you will find a brief description of Controlled folder access and a toggle to enable it.
To enable Ransomware Protection, turn on Controlled Folder Access and log in to OneDrive so that both features are enabled.
You can now configure Controlled Folder Access and choose any folder you want to monitor and block from malicious programs.
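The Windows Security settings described in this guide and in the earlier steps (cloud-delivered protection, automatic sample submission, Controlled Folder Access, protected folders and allowed apps) can also be applied and verified from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not code from any of the quoted articles; the folder and application paths are placeholders, and the choice of the SendSafeSamples consent level is an assumption.

```powershell
# Added example: PowerShell equivalent of the Windows Security clicks described above.
# Run elevated. The two paths below are placeholders; replace them with your own.
$ProtectedFolders = @("$env:USERPROFILE\Projects")
$AllowedApps      = @('C:\Program Files\ExampleApp\app.exe')

# 1. Controlled Folder Access needs Defender real-time protection (see the text:
#    with a third-party antivirus active the feature is not accessible).
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Defender real-time protection is off; Controlled Folder Access is unavailable.'
}

# 2. Cloud-delivered protection and automatic sample submission.
#    SendSafeSamples is an assumed choice; other consent levels exist.
Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples

# 3. Turn on Controlled Folder Access.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 4. Add extra protected folders and allow-list trusted apps, skipping missing paths.
foreach ($folder in $ProtectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Protected folder not found, skipped: $folder"
    }
}
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Allowed app not found, skipped: $app"
    }
}

# 5. Read the settings back rather than trusting that the calls succeeded.
$pref = Get-MpPreference
[pscustomobject]@{
    ControlledFolderAccess = $pref.EnableControlledFolderAccess  # 0 = off, 1 = on, 2 = audit
    CloudProtection        = $pref.MAPSReporting                 # 2 = Advanced
    SampleSubmission       = $pref.SubmitSamplesConsent          # 1 = SendSafeSamples
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps            = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 6. Review recent Controlled Folder Access events: 1123 = blocked, 1124 = audited.
#    A blocked program that you trust is a candidate for the allow list in step 4.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```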
Malware is of many different types. Virus and Spyware both are a type of malware. Although they may not be as dangerous as the modern-day malware (like for example ransomware), you need to protect your PC(s) against them. If not, your PC(s) can get infected by them before you know it. And recovering an infected machine is not an easy task. So let’s take a look at what virus and spyware are and how to protect your PC(s) from them.
What is a Computer Virus?
It’s a piece of code designed to infect and gain control over vulnerable PC(s). Just like a biological virus, it can replicate itself and spread from one computer to another within a network. Hackers usually hide viruses in files which will then be passed on to the targets (users) as e-mail attachments, downloadable files on the internet, etc.
As soon as the user interacts with (opens) the file, the virus runs automatically and starts replicating itself to spread to the other files and computers within a network.
What is Spyware?
Spyware is another malicious program (malware), which collects vital information about your browser history and sensitive personal information (like credit card numbers) and sends it to hackers who benefit greatly from it. Spyware is often bundled with other software (usually free downloadable software available on the internet) and installs itself the moment the software is downloaded onto your PC(s).
How To Prevent Computer Virus and Spyware?
Both types of malware can be prevented from infecting your PC(s) by looking out for some tell-tale signs, exercising caution while online and by installing security products. Let’s take a look at them one by one.
1. Recognizing Viruses and Spyware: Whatever malware your PC is infected with, the infection will always be accompanied by some tell-tale signs. In the case of a computer virus, your internet connection might slow down or your PC will act on its own, executing actions without your permission. In the case of spyware, unidentifiable icons may appear in your task bar, internet searches may direct you to different search engines, random error messages may appear, etc.
But the best way to recognize viruses and spyware is by using virus scanners and spyware scanners, which are usually available in antivirus packages like Comodo Antivirus.
2. Exercising Caution: Whatever the malware – virus, spyware or any other – certain precautionary steps that users like you can take to safeguard your PC(s) remain the same. For example, not downloading programs from unknown sources, not opening attachments belonging to suspicious mails, not clicking on pop-up ads, etc. Simply put, educating yourself about the dangers of the internet and thereby preventing yourself from becoming the gullible internet user should do the trick.
3. By Installing Security Products: The best way to combat (prevent, defend and take action) is to install antivirus software (sometimes known as virus protection software) onto your PC(s). Many antivirus programs successfully protect your PC(s) against viruses, malware and various other security threats as well.
Installing the whole virus protection software is another excellent way of adding layers of protection that will ensure viruses, spyware and other such malware don’t easily infiltrate your PC(s), because the whole virus protection software will be updated enough to tackle new (and evolving) malware signatures as well.
Ransomware, which is a form of malware, works by either holding your entire computer hostage or by blocking access to all of your files by encrypting them. A person infected with ransomware is typically ordered (via a pop-up window) to pay anything from a few hundred to a few thousand dollars in order to get the key to unlock their encrypted data.
Of course, there’s no guarantee that even if a victim pays the demanded amount they will actually get access to their files again, which makes dealing with ransomware somewhat of a tricky issue.
And with new, sophisticated strains of ransomware on the rise, it’s likely that more people will become infected and have to deal with the headache that comes along with it, security experts tell Business Insider.
How is ransomware evolving and how is it spreading?
Cyber criminals are now using the most modern cryptography to encrypt stolen files and are getting really good at making their dangerous links and downloads seem perfectly benign.
One new strain of ransomware that falls into this category is called CDT-Locker and is oftentimes very hard to detect. CDT-Locker can be hidden in files in such a way that even security software can’t tell it’s there. To make matters worse, hackers are getting people to willingly download these dangerous files by using sneaky tricks to make them appear legitimate.
For example, a hacker might pose as your utility company in an email stating that they need you to fill out an attached form or else your power will be cut off. Or a hacker might even use social engineering to pose as someone in your contact list to get you to click on a link in an email.
Cyber criminals are even using social media sites and newsgroup postings to spread the malicious code.
“There’s a lot that the facilitators are doing to take advantage of natural human reactions that we would find disturbing in the real world,” said Steve Grobman, the chief technology officer of Intel’s Security Group.
“They are really using any sort of content that you can put in front of a user’s eyes. Whether it’s Twitter or various news feeds or websites. It’s any point of contact to download and run the software with the ransomware.”
So what do you do if you accidentally fall victim to ransomware?
Well, the first thing you may want to do is alert law enforcement, said Jason Glassberg, the cofounder of the security firm Casaba Security. While they might not be able to help you much, they should still be made aware of the crime.
Second, you should turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network, Glassberg said.
While the malicious software itself can be removed, getting your data back is a whole different story, Glassberg said. Because new strains of ransomware are using advanced cryptography, recovering files is pretty much impossible without the necessary key to unencrypt them, he said.
Finally, you have to decide whether or not you are going to pay the ransom. If you’ve backed up your data on a separate hard drive you can at least recover the data you lost from the point of the last backup. And this can prevent the major headache of debating whether or not to chance paying the criminals who locked your computer.
“We want to make it very clear, as far as preventing yourself from getting into this situation to begin with, it is really critical that everyone, regardless of whether you are a consumer, a small business or a large business, that backups are set up in such a way that they are separate from your computer. So if you are hit by ransomware you are able to get data back without paying the ransom,” Grobman said.
But if you decide to risk paying the ransom you should know that the cyber criminal will likely require you to pay using Bitcoin or another virtual currency over the Tor network, which is software used to make web browsing anonymous. This means that tracing the thieves is nearly impossible and if they decide not to unlock your computer you are pretty much out of luck and money.
And even if the hackers do give you the keys to unlock your encrypted files, there is always a chance they can lock your computer again in the future to demand more payment. Considering the risks, Grobman advises against caving to the hackers.
“We have seen many scenarios where even if the user pays, they don’t get the recovery keys. So it’s one of the reasons we tell our customers that paying the ransom is not the best course of action,” Grobman said.
“For starters, paying the ransom may not result in you getting your keys back. And you are also providing additional incentives for the criminal element to continue to build ransomware and make it more effective and helping it become an even bigger problem in the future.”