Protect your PC from ransomware
Ransomware is malicious software that encrypts your files or prevents you from using your computer until you pay a sum of money (a ransom) to have them decrypted. If your computer is connected to a network, the ransomware may be able to spread to other computers or storage devices on the network as well as your computer.
Some of the ways in which you can become infected by ransomware are as follows:
Visiting websites that are hazardous, dubious, or false.
Opening file attachments that you didn’t expect to receive or that came from folks you don’t recognise.
Opening dangerous or faulty links in emails, Facebook, Twitter, and other social media posts, or in instant messenger or SMS chats is a common method of spreading malware.
You can usually tell whether an email or webpage is a phoney because the spelling is incorrect or the website itself is strange. Keep an eye out for unique spellings of corporate names (for example, “PayePal” instead of “PayPal”), as well as unexpected spaces, symbols, and punctuation marks (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
The ransomware can infect any PC, whether it’s a personal computer, a device connected to an enterprise network, or a server utilised by a government organisation.
Precaution: Ransomware can infect mobile devices as well! More information can be found here.
How can I help keep my PC secure?
Make sure your computer is up to date with the most recent version of Windows as well as all of the most recent security patches. Learn more about Windows Update by visiting their website.
Make sure Windows Security is turned on so that you can be protected from viruses and other malicious software (or Windows Defender Security Center in previous versions of Windows 10).
Controlled Folder Access should be enabled in Windows 10 or 11 in order to protect your important local folders from unauthorised programmes such as ransomware or other malicious software.
With Microsoft 365 enhanced protection, you can detect and recover from ransomware attacks.
Make a backup of your files using File History, if it hasn’t already been enabled by the manufacturer of your computer. Find out more about the File History feature.
Microsoft OneDrive is a cloud-based storage service for essential files. OneDrive includes built-in ransomware detection and recovery, as well as file versioning, which allows you to restore a previous version of a file if you have lost access to it. Furthermore, when you edit Microsoft Office files that are stored on OneDrive, your work is automatically saved as you work.
Restart your computer on a regular basis; at the very least once a week. This can assist you in keeping your programmes and operating system up to date, as well as making your system function more efficiently.
It is recommended that small business owners consider using Microsoft 365 Business Premium as a solution. It contains Microsoft Defender Advanced Threat Protection, which can assist you in protecting your company from online attacks.
If you suspect you’ve been infected
If you believe you have been infected, seek medical attention immediately.
When you have a suspicion that your computer may be compromised with malware, run antimalware software such as Windows Security. For example, if you learn about new malware in the news or see unusual behaviour on your computer, you should report it. For information on how to scan your device, see Virus and threat protection in Windows Security.
If you actually get a ransomware infection
In most cases, a ransomware infection won’t manifest itself until you receive some type of notification, which could be in the form of a window, an app, or a full-screen message, demanding payment in exchange for access to your computer or files. Unfortunately, this isn’t always the case. These notifications are frequently displayed after you have encrypted your data.
Try using Windows Security to completely wipe your computer. This is something you should do before attempting to retrieve your files. If you have a Windows version other than XP, you may find information about backing up and recovering files under Backup and Restore in Windows.
Do not pay money to get your files recovered. In the event that you were to pay the ransom, there is no assurance that you would be granted access to your computer or files again.
What to do if you already paid
If you’ve already paid the ransom, you should call your bank as well as the appropriate authorities in your area. If you used a credit card to make your purchase, your bank may be able to reverse the transaction and refund your money.
- You can also report fraud and scams to the authorities through one of the websites listed below:
- Visit the SCAMwatch website if you’re in Australia.
- If you live in Canada, you can contact the Canadian Anti-Fraud Centre.
- In France, visit the website of the Agence nationale de la sécurité des systèmes d’information (National Agency for Information Security).
- In Germany, visit the website of the Bundesamt für Sicherheit in der Informationstechnik (Bundesamt for Information Security in Information Technology).
- In Ireland, visit the website of the An Garda Sochána (Irish Police Service).
- Visit the Consumer Affairs Scams page in New Zealand for further information.
- Visit the Action Fraud website if you are in the United Kingdom.
- Visit the On Guard Online webpage if you are in the United States.
- It is recommended that you contact the federal police or communications authorities in your region if your region is not featured on the list above.
See The 5Ws and 1H of ransomware for an illustrated overview of ransomware and what you can do to help protect yourself from being a victim.