{"id":10673,"date":"2015-11-30T09:56:34","date_gmt":"2015-11-30T14:56:34","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=10673"},"modified":"2020-02-26T18:58:15","modified_gmt":"2020-02-26T16:58:15","slug":"ransomware-10-tips","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-10-tips\/10673\/","title":{"rendered":"10 tips to protect your files from ransomware"},"content":{"rendered":"<p>Ransomware has become one of the most notorious cyberthreats. Once a ransomware Trojan infiltrates your system, it stealthily encrypts your files, including your valuable documents, videos and photos. This entire process runs in the background so the victim is not aware of the problem until it\u2019s too late.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2015\/11\/06023616\/ransomware-10x10-FB.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-10674 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2015\/11\/06023616\/ransomware-10x10-FB.png\" alt=\"10 tips to protect your files from ransomware\" width=\"1280\" height=\"1280\"><\/a><\/p>\n<p>When done with its dirty business, the Trojan informs the user that their files are encrypted. If the victim wants to retrieve their files, they will have to pay a ransom, which is usually several hundreds of dollars, typically paid in <a href=\"https:\/\/www.kaspersky.co.za\/blog\/what-is-all-this-business-about-bitcoin\/3116\/\" target=\"_blank\" rel=\"noopener noreferrer\">bitcoins<\/a>. Many victims of ransomware do not have a strong knowledge or background in technology, so the inconvenience is doubled as they often have to find our what a bitcoins are and then where they can go to obtain them.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">To pay or not to pay \u2013 the dilemma of ransomware victims <a href=\"https:\/\/t.co\/nREhFqfunZ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/nREhFqfunZ<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ITsecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ITsecurity<\/a> <a href=\"https:\/\/t.co\/gGW4RdaRwj\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/gGW4RdaRwj<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/660107418555260928?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>What makes ransomware a particularly vicious scam is that the encrypted files being held ransom are still being stored on the user\u2019s computer. This unto itself is a very sad and frustrating reality as the files are not retrievable without the unique encryption key.<\/p>\n<p>It is becoming obvious that ransomware is a big issue that Internet users should pay more attention to in order to preventing infection. After all, it is much harder to deal with the consequences afterwards.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Are you concerned about <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>? NO? you should be. <a href=\"https:\/\/t.co\/T7Vu85aeaM\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/T7Vu85aeaM<\/a> <a href=\"http:\/\/t.co\/rbBSSWP2ao\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/rbBSSWP2ao<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/621670150413099008?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Here are 10 simple tips to protect your data from ransomware:<\/p>\n<ol start=\"1\">\n<li>Make sure that you <a href=\"https:\/\/www.kaspersky.co.za\/blog\/call-for-backup\/1387\/\" target=\"_blank\" rel=\"noopener noreferrer\">back up<\/a> your important files regularly. It is highly recommended that you create two back up copies: one to be stored in the cloud (using services like Dropbox, Google Drive, etc.) and the other recorded to a physical means of storage (portable hard drive, thumb drive, extra laptop, etc.). Once your back up copy is ready, make sure you set up certain restriction for the files: your \u2018Plan B\u2019 device should have only read\/write permissions, without an opportunity to modify or delete the files. Your back up copy could save you in all kinds of circumstances, including the accidental removal of the critical file or drive failure.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">RT <a href=\"https:\/\/twitter.com\/emm_david?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@emm_david<\/a>: 'Police pay <a href=\"https:\/\/twitter.com\/hashtag\/cryptolocker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cryptolocker<\/a> ransom <a href=\"http:\/\/t.co\/L4fZ8QpXm6\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/L4fZ8QpXm6<\/a>. Wot, no backup!? <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/403468032024268800?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 21, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"2\">\n<li>Regularly check that your back up copy is ok. There are times when an accidental failure can inflict damage to your files.<\/li>\n<\/ol>\n<ol start=\"3\">\n<li>Cybercriminal often distribute <a href=\"https:\/\/www.kaspersky.co.za\/blog\/how-to-avoid-phishing\/6145\/\" target=\"_blank\" rel=\"noopener noreferrer\">fake email messages<\/a> mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. This method is called <a href=\"https:\/\/www.kaspersky.co.za\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer\">phishing<\/a>. With that in mind, fine-tune your antispam settings and never open attachments sent by an unknown sender.<\/li>\n<\/ol>\n<ol start=\"4\">\n<li>Trust no one, literally. Malicious links can be sent by your friends on social media, your colleague or <a href=\"https:\/\/www.kaspersky.co.za\/blog\/teslacrypt-20-ransomware\/9314\/\" target=\"_blank\" rel=\"noopener noreferrer\">online gaming<\/a> partner whose accounts have been compromised in one way or another.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"nl\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/news?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#news<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/gaming?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#gaming<\/a> TeslaCrypt 2.0 ransomware: stronger and more dangerous <a href=\"https:\/\/t.co\/agvUXU5J5t\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/agvUXU5J5t<\/a> <a href=\"http:\/\/t.co\/rIZ1XqfHw6\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/rIZ1XqfHw6<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/620983993685643265?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 14, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"5\">\n<li>Enable \u2018Show file extensions\u2019 option in the Windows settings. This will make it much easier to distinguish potentially malicious files. As Trojans are programs, you should be warned to stay away from file extensions like \u201cexe\u201d, \u201cvbs\u201d and \u201cscr\u201d.You need to keep a vigilant eye on this as many <a href=\"http:\/\/www.howtogeek.com\/137270\/50-file-extensions-that-are-potentially-dangerous-on-windows\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">familiar file types can also be dangerous<\/a>. Scammers could use several extensions to masquerade a malicious file as a video, photo, or a document (like hot-chics.avi.exe or doc.scr).<\/li>\n<\/ol>\n<ol start=\"6\">\n<li>Regularly <a href=\"https:\/\/www.kaspersky.co.za\/blog\/why-bother-with-software-updates\/6863\/\" target=\"_blank\" rel=\"noopener noreferrer\">update<\/a> your operating system, browser, antivirus, and other programs. Culprits tend to exploit vulnerabilities in software to compromise systems.<\/li>\n<\/ol>\n<ol start=\"7\">\n<li>Use a robust antivirus program to protect your system from ransomware. We recommend <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;thru&amp;reseller=gl_kdpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a>, which prevents viruses from getting into your computer, or, should the virus infiltrate your system after all, protect important files using its <a href=\"https:\/\/www.kaspersky.co.za\/blog\/tip-of-the-week-cryptoware\/6199\/\" target=\"_blank\" rel=\"noopener noreferrer\">special capability<\/a>.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How Kaspersky Internet Security protects from <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>: <a href=\"https:\/\/t.co\/KLAe2P8JUp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/KLAe2P8JUp<\/a> <a href=\"http:\/\/t.co\/cAYsx5Xqu3\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/cAYsx5Xqu3<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/601722194662588417?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 22, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"8\">\n<li>If you discover a rogue or unknown process on your machine, cut off the Internet connection immediately. If the ransomware did not manage to erase the encryption key from your computer, there\u2019s still a chance you can restore the files. However, the new strains of this type of malware use a predefined key, so this tip, unfortunately, would not work in that case.<\/li>\n<\/ol>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<ol start=\"9\">\n<li>If you are unlucky to have your files encrypted, don\u2019t pay the ransom, unless the instant access to some of your files is critical. In fact, each payment fuels this unlawful business which would prosper as long as you pay money.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Criminals behind <a href=\"https:\/\/twitter.com\/hashtag\/CoinVault?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CoinVault<\/a> ransomware are busted by Kaspersky Lab &amp; Dutch police <a href=\"https:\/\/t.co\/r0mP3LDIgr\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/r0mP3LDIgr<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/X6ssm0c2UH\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/X6ssm0c2UH<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/644498743023271936?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"10\">\n<li>If you have been infected by ransomeware, you should try to find out the name of the malware: maybe it\u2019s an older version and it is relatively simple to restore the files. Ransomware used to be less advanced in the past.Moreover, the police and cybersecurity experts (including those working for Kaspersky Lab) <a href=\"https:\/\/www.kaspersky.co.za\/blog\/criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police\/9886\/\" target=\"_blank\" rel=\"noopener noreferrer\">collaborate<\/a> to detain the adversaries and provide file restoration tools online. Some people have an opportunity to decrypt their files without having to pay the ransom. To check whether it\u2019s possible, visit <a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">kaspersky.com<\/a><\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Had files locked by the coinvault ransomware? Try our new decryptor! \u2013 <a href=\"https:\/\/t.co\/i3y8tf0zYS\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/i3y8tf0zYS<\/a> <a href=\"http:\/\/t.co\/cb6uuHEaD9\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/cb6uuHEaD9<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/587635184561954817?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 13, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are some simple yet effective ways to protect your files from infection by ransomware.<\/p>\n","protected":false},"author":522,"featured_media":10675,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[1852,191,180,36,192,420,97,422,131,723],"class_list":{"0":"post-10673","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-advice","10":"tag-data","11":"tag-kaspersky-internet-security","12":"tag-malware-2","13":"tag-protection","14":"tag-ransomware","15":"tag-security-2","16":"tag-threats","17":"tag-tips","18":"tag-trojans"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-10-tips\/10673\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-10-tips\/5181\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-10-tips\/6342\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-10-tips\/6493\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-10-tips\/6415\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-10-tips\/7298\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-10-tips\/6987\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-10-tips\/9946\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-10-tips\/10673\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-10-tips\/5866\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-10-tips\/6502\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-10-tips\/9717\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-10-tips\/9946\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-10-tips\/10673\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/ransomware\/","name":"Ransomware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/10673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=10673"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/10673\/revisions"}],"predecessor-version":[{"id":26623,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/10673\/revisions\/26623"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/10675"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=10673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=10673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=10673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}