Regularly back up data stored on your computer, so a ransomware infection wouldn’t destroy your personal data forever.
It's best to create two backup copies: one stored in the cloud (remember to use a service that makes an automatic backup of your files) and one stored physically (portable hard drive, thumb drive, extra laptop, etc.) Disconnect these from your computer when you are done.
Windows and Apple ship their computers with built-in cloud backup functionalities like the regular Windows backup or the Apple Time Machine. Your backup copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
Don’t click on links in spam, unexpected or suspicious emails.
Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that closely resemble email notifications from an online store, a bank, the police, a court, or a tax collection agency. They lure recipients into clicking on a malicious link that will release the malware into their system.
Be aware that any account can be compromised, and malicious links can be sent from email and social media accounts of friends, colleagues or an online gaming partner. If an attachment you've received from a contact seems suspicious, it's better to ask the sender about it on a trusted channel, such as a phone call.
Avoid sharing personal data.
Cybercriminals planning a ransomware attack will try to gather your personal data in advance, so as to make their trap more convincing. They will do so, for instance, through phishing emails targeting you specifically.
- If you receive a call, text, or email from an untrusted or unverified source that asks for personal information, don't provide it. Always confirm the contact's authenticity.
- If you are contacted by a company asking for information, ignore the request. Instead, contact the company independently, via the contact details on its official website, to verify whether this request is genuine.
Be meticulous with sensitive data.
Sensitive data must be treated differently from day-to-day data.
- Store pictures, business documents, personal data, etc. on separate devices for longer-term storage.
- Remove data when no longer necessary, such as temp files, browser histories, old pictures/texts, etc.
- Ensure all accounts use unique and strong passwords to mitigate the damage if the credentials are released.
- Update your passwords frequently, and consider using a password manager.
- Also, consider storing sensitive files encrypted at the user level (beyond full-disk encryption).
Consider using multi-factor authentication on your important online accounts.
Multi-factor authentication (MFA) is an extra layer of security used to make sure that people trying to gain access to an online service (such as banking, email, or social media accounts) are who they say they are.
After you've entered your username and password, you will be required to provide another piece of information (second step). This information should be something that only you can access, for instance a code sent by text message, or a code generated by an Authenticator.
MFA is available on most of the major online services. While some of them will have it activated by default, in some others you will need to manually switch it on. Check out the security settings of your account (it could also be called 'two-step verification').
Be wary while browsing the internet and do not click on suspicious links, pop-ups, or dialogue boxes.
These are links you don't recognize or don't contain any words that make sense. Clicking on them might download malware to your systems, with the link often not leading to the intended website. If you aren't sure, run the website through a search engine first to see if it really exists.
Browse and download only official versions of software and always from trusted websites.
If you are downloading something on your phone or tablet, make sure you use reputable sources and stores, like the App Store (Apple) or Google Play Store (Android). The best way to determine whether a website is fraudulent is to pay close attention to the URL. The domain name in the URL should match the name of the website. An HTTPS connection and displaying the padlock icon are signs of secure connection, but this doesn't mean you can trust it.
Use robust security products to protect your system from all threats, including ransomware.
Don’t switch off the ‘heuristic functions’ as these help catch samples of ransomware that have not yet been formally detected.
Never connect unfamiliar USB sticks to your systems.
Don’t insert USB or other removal storage devices into your computer if you do not know where they came from. Cybercriminals may have infected the device with ransomware and left it in a public space to lure you into using it.
Use a Virtual Private Network (VPN) when using public Wi-Fi.
When you connect to a public Wi-Fi network, your device is more vulnerable to attacks. To stay protected, avoid using public Wi-Fi for confidential transactions, or use a secure VPN.
Ensure that your security software and operating system are up to date.
When your operating system (OS) or applications release a new version, install it. If the software offers the option of automatically installing updates, take it.
Do not use high privilege accounts (accounts with administrator rights) for daily business.
Admin rights allow users to install new software and control the way the systems operate. Perform daily tasks through a standard user account instead. This will help prevent harming your system if you click on a malicious executable file or if a hacker infiltrates the network.
Enable the ‘Show file extensions’ option in the Windows settings on your computer.
This will make it much easier to spot potentially malicious programs. Stay away from file extensions such as ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can queue multiple extensions to disguise a malicious executable such as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
Turn on local firewall.
Turn on your local firewall to defend against unauthorized access.
- On Apple devices: System Preferences > Security & Privacy.
- On Windows devices: Start > Settings > Update & Security > Windows Security > Firewall & network protection.
Infected… What to do next?
- 1) If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
- 2) Don’t pay the ransom. You will be financing criminals and encouraging them to continue their illegal activities. There is no guarantee that you will get access to your data or device, and you are more likely to be targeted again in the future.
- 3) Take a photograph or a screenshot of the ransom note presented on your screen.
- 4) If available, use antivirus or anti-malware software to clean the ransomware from your device. You may have to reboot your system into Safe Mode.
- 5) Removing the ransomware will not decrypt your files, but it will let you carry out the following steps without new files becoming encrypted.
- 6) If you had a backup, restore the information, and read our advice to prevent you from becoming a victim again.
- 7) If you do not have a backup, visit www.nomoreransom.org to check whether your device has been infected with one of the ransomware variants for which we have decryption tools available free of charge. The information regarding the ransomware note will be useful in this process.
- 8) Report it to your national police. The more information you provide, the more effectively law enforcement can disrupt the criminal enterprise.