What Is Ransomware?
Ransomware is malware that encrypts your files and demands payment — typically in cryptocurrency — for the decryption key. Without the key, your encrypted files are unreadable. Without a clean backup, payment may be the only way to recover data.
Ransomware has evolved from attacking individual computers to targeting hospitals, infrastructure, and businesses with demands in the millions of dollars. For individuals, ransomware typically demands hundreds to thousands of dollars.
How Ransomware Is Delivered
Phishing emails: The most common delivery method. Malicious attachments (Word documents with macros, PDF files, executable files) or links that download malware when clicked.
Remote Desktop Protocol (RDP) exploitation: RDP ports exposed to the internet with weak credentials are brute-forced to gain access, followed by manual ransomware deployment.
Software vulnerabilities: Unpatched software with known vulnerabilities is exploited automatically.
Malvertising: Malicious advertisements on legitimate websites trigger drive-by downloads.
Supply chain attacks: Legitimate software updates are compromised to include ransomware.
The 3-2-1 Backup Strategy: The Most Important Defense
The single most important ransomware protection is a backup strategy that ransomware cannot reach.
3-2-1 backup rule
3 copies of your data 2 different storage types 1 offsite or offline backup
For individuals:
- Primary data: On your computer
- Local backup: External hard drive (kept disconnected when not backing up)
- Cloud backup: Offsite backup service
The critical element: at least one backup must be offline and disconnected when not in use. Ransomware encrypts all connected drives including cloud sync folders that are actively connected. Disconnected backups are immune.
Cloud Backup vs Cloud Sync
Cloud sync (Google Drive, Dropbox, OneDrive): Your files are continuously synced. If ransomware encrypts your local files, the encrypted versions sync to the cloud, potentially overwriting the clean versions. Cloud sync alone is not a reliable ransomware backup.
True cloud backup (Backblaze, Acronis, Veeam): Maintains version history. Even if ransomware encrypts and syncs encrypted versions, the backup service retains previous clean versions accessible for recovery.
Email Security as Ransomware Prevention
Phishing emails delivering ransomware are the primary individual attack vector. The email security practices described throughout this guide — not opening unexpected attachments, verifying senders, never clicking urgent "verify your account" links — directly prevent the majority of individual ransomware infections.
Using Temp90 for registrations reduces phishing targeting: attackers who build targeted phishing campaigns based on known service relationships cannot exploit relationships that do not exist because you used Temp90 instead of your real email.
Software Update Discipline
After backups, software updates are the second most important ransomware prevention. Many major ransomware outbreaks (WannaCry, NotPetya) exploited vulnerabilities for which patches had been available for weeks or months. Updated software closes these entry points.
Enable automatic updates for operating systems and major applications. For manually updated software, check for updates monthly.
Additional Prevention Measures
Disable macros in Office documents: Ransomware frequently uses malicious macros. File > Options > Trust Center > Trust Center Settings > Macro Settings > Disable all macros with notification.
Use limited user accounts: Do not use an administrator account for daily use. Malware running under a limited account has less system access.
Enable controlled folder access: Windows 10/11 Controlled Folder Access (Windows Security > Virus & threat protection settings > Ransomware protection) blocks unauthorized applications from modifying protected folders.
Network segmentation: For home networks, keeping IoT devices on a separate network limits ransomware spread.
If Infected with Ransomware
Do not pay immediately: Payment does not guarantee you will receive a working decryption key. Law enforcement discourages payment as it funds further attacks.
Check NoMoreRansom.org: This law enforcement-backed resource provides free decryption tools for many known ransomware variants.
Restore from backup: If you have clean backups, wipe the infected system and restore from backup.
Report to authorities: Report ransomware to your national cybercrime reporting authority.
Frequently Asked Questions
Should I pay ransomware demands?
Law enforcement and security experts generally advise against payment — it funds criminal operations and does not guarantee decryption. Check NoMoreRansom.org for free decryptors before considering payment.
How long does it take to recover from ransomware?
With clean backups, recovery can take hours to days depending on the amount of data. Without backups, recovery may be impossible for encrypted data.
Does antivirus protect against ransomware?
Modern antivirus products detect many known ransomware variants and some behavioral patterns associated with ransomware activity. They provide meaningful protection but are not 100% effective against new variants. Backups are essential because no detection is perfect.
Conclusion
Ransomware defense is fundamentally about backups and prevention. A 3-2-1 backup strategy with at least one offline, disconnected copy provides recovery capability that eliminates the ransomware payment dilemma. Email security practices prevent the phishing delivery that starts most individual ransomware infections. Software updates and Office macro disablement close the vulnerability entry points. Together these create a ransomware posture that is resilient even if defenses are ever breached.