Security Center

Learn about the latest cyber threats and how to protect yourself.

Ransomware Protection

Ransomware is an exceptionally dangerous form of malicious software that has seriously damaged organizations ranging from hospitals to international shipping firms – and has also made life miserable for thousands of people just minding their own business at home. This article explains how ransomware works, and what you can do about it – and explores powerful new ransomware protection tools that give you the upper hand against the criminals who profit from it.

What is Ransomware?

Once installed on your computer, ransomware begins encrypting your files, making it impossible for you to read or use them. The ransomware’s “owners” keep a key they promise will let you remove the encryption and access your files again – but only if you quickly pay them hundreds (or sometimes thousands) of dollars.

You’re typically told to pay using bitcoin cryptocurrency, which is extremely hard to trace. That helps protect the criminals against law enforcement, but it also makes you go through the trouble of creating a bitcoin wallet and purchasing the bitcoin itself. And, since ransomware is written by criminals of varying levels of technical competence, there’s no guarantee the decryption will work even if you do pay them.

In 2017, NotPetya ransomware infected the global shipping firm A.P. Moller-Maersk, virtually halting operations and costing the company some $300 million. The same year, the WannaCry ransomware attack against the U.K.’s National Health Service caused the cancellation of more than 19,000 appointments and cost the system £92 million in lost productivity and added IT work.

While some estimates suggest that the volume of ransomware attacks is somewhat lower than in 2017, ransomware still bedevils computer users around the world. For example, in April 2019, Health IT Security reported that the owners of a Michigan healthcare practice had decided to simply retire and shut down after ransomware deleted all their patient files.

How Does Ransomware Infect Your Computer?

Ransomware can infect your computer in many ways. Commonly, criminals embed it in file attachments to email messages written to convince you that it’s urgent to open the file. For example, the email might claim the attachment is an invoice, a letter from the IRS or FBI, a message from your bank, or notice of an important delivery.

But that’s not the only way ransomware can get onto your device. It can be delivered through malicious code embedded in images or advertising on infected web pages; through smartphone text messages that trick you into navigating to those pages; and through operating system flaws such as those discovered in Microsoft Windows early in 2018.

What Are the Best Methods of Ransomware Protection?

In response, traditional ransomware protection advice involves a heavy dose of common sense:

  • Never open file attachments unless you’re sure they come from a legitimate sender
  • Never plug in stray USB flash drives
  • If you open a file in Microsoft Office that asks to run macros, deny permission
  • Avoid dodgy websites
  • Keep your antivirus program, operating system, and other software up to date
  • Maintain up-to-date backups – and keep them physically separate so ransomware can’t jump across your network to infect those, too. If you have a backup, you can get your files back without paying ransom for them

Beyond Common Sense: New Tools That Outsmart Ransomware

That’s all still great advice – but it isn’t foolproof. Fortunately, powerful ransomware protection tools now exist to help safeguard you, even when you aren’t paying attention.

For example, Sophos Home doesn’t just watch out for existing versions of ransomware: it also uses advanced deep learning techniques to recognize ransomware-style behavior, so it can catch new kinds of ransomware nobody’s seen before. Sophos Home leverages many of the same advanced security technologies we build into our products for the largest businesses. That includes new ways to halt malicious code hidden inside legitimate applications, and to prevent exploits such as those used by the WannaCry and NotPetya attacks we mentioned earlier.

When Sophos Home detects an attempt to maliciously encrypt your files, it immediately stops the process. Then it rolls back any changes made by the ransomware by replacing the newly-encrypted files with saved backups. Finally, it removes the ransomware itself. You don’t have to do anything – all of this happens automatically. Simply put, Sophos Home tilts the playing field away from the criminals so you and your family can use your devices with more confidence and less fear.

Sophos Home Free includes a free 30-day trial of Premium plus an immediate Advanced Malware Removal to thoroughly clean your computer of any current malware infections.