{"id":5181,"date":"2015-11-30T07:20:06","date_gmt":"2015-11-30T12:20:06","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5181"},"modified":"2020-02-26T18:59:56","modified_gmt":"2020-02-26T14:59:56","slug":"ransomware-10-tips","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-10-tips\/5181\/","title":{"rendered":"10 tips to protect your files from ransomware"},"content":{"rendered":"<p>Ransomware has become one of the most notorious cyberthreats. Once a ransomware Trojan infiltrates your system, it stealthily encrypts your files, including your valuable documents, videos and photos. This entire process runs in the background so the victim is not aware of the problem until it\u2019s too late.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5182\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/12\/05113043\/ransomware-10x10-FB.png\" alt=\"ransomware-10x10-FB\" width=\"1280\" height=\"1280\"><\/p>\n<p>When done with its dirty business, the Trojan informs the user that their files are encrypted. If the victim wants to retrieve their files, they will have to pay a ransom, which is usually several hundreds of dollars, typically paid in\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-all-this-business-about-bitcoin\/3116\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bitcoins<\/a>. Many victims of ransomware do not have a strong knowledge or background in technology, so the inconvenience is doubled as they often have to find our what a bitcoins are and then where they can go to obtain them.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">To pay or not to pay \u2013 the dilemma of ransomware victims <a href=\"https:\/\/t.co\/nREhFqfunZ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/nREhFqfunZ<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ITsecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ITsecurity<\/a> <a href=\"https:\/\/t.co\/gGW4RdaRwj\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/gGW4RdaRwj<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/660107418555260928?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>What makes ransomware a particularly vicious scam is that the encrypted files being held ransom are still being stored on the user\u2019s computer. This unto itself is a very sad and frustrating reality as the files are not retrievable without the unique encryption key.<\/p>\n<p>It is becoming obvious that ransomware is a big issue that Internet users should pay more attention to in order to preventing infection. After all, it is much harder to deal with the consequences afterwards.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Are you concerned about <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>? NO? you should be. <a href=\"https:\/\/t.co\/T7Vu85aeaM\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/T7Vu85aeaM<\/a> <a href=\"http:\/\/t.co\/rbBSSWP2ao\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/rbBSSWP2ao<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/621670150413099008?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Here are 10 simple tips to protect your data from ransomware:<\/p>\n<ol start=\"1\">\n<li>Make sure that you\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/call-for-backup\/1387\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">back up<\/a>\u00a0your important files regularly. It is highly recommended that you create two back up copies: one to be stored in the cloud (using services like Dropbox, Google Drive, etc.) and the other recorded to a physical means of storage (portable hard drive, thumb drive, extra laptop, etc.). Once your back up copy is ready, make sure you set up certain restriction for the files: your \u2018Plan B\u2019 device should have only read\/write permissions, without an opportunity to modify or delete the files. Your back up copy could save you in all kinds of circumstances, including the accidental removal of the critical file or drive failure.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">RT <a href=\"https:\/\/twitter.com\/emm_david?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@emm_david<\/a>: 'Police pay <a href=\"https:\/\/twitter.com\/hashtag\/cryptolocker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cryptolocker<\/a> ransom <a href=\"http:\/\/t.co\/L4fZ8QpXm6\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/L4fZ8QpXm6<\/a>. Wot, no backup!? <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/403468032024268800?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 21, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"2\">\n<li>Regularly check that your back up copy is ok. There are times when an accidental failure can inflict damage to your files.<\/li>\n<\/ol>\n<ol start=\"3\">\n<li>Cybercriminal often distribute\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-avoid-phishing\/6145\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">fake email messages<\/a>\u00a0mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. This method is called\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">phishing<\/a>. With that in mind, fine-tune your antispam settings and never open attachments sent by an unknown sender.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Want to avoid <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a>? <br>10 <a href=\"https:\/\/twitter.com\/hashtag\/tips?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#tips<\/a> you should apply today!<a href=\"https:\/\/t.co\/PGsItglPlu\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/PGsItglPlu<\/a><a href=\"https:\/\/twitter.com\/hashtag\/CyberSecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CyberSecurity<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/fraud?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#fraud<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/onlline?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#onlline<\/a> <a href=\"https:\/\/t.co\/iR6ax2j7xL\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/iR6ax2j7xL<\/a><\/p>\n<p>\u2014 Kaspersky Lab ME (@KasperskyME) <a href=\"https:\/\/twitter.com\/KasperskyME\/status\/665859307875930113?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 15, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"4\">\n<li>Trust no one, literally. Malicious links can be sent by your friends on social media, your colleague or\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/teslacrypt-20-ransomware\/9314\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">online gaming<\/a>\u00a0partner whose accounts have been compromised in one way or another.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"nl\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/news?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#news<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/gaming?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#gaming<\/a> TeslaCrypt 2.0 ransomware: stronger and more dangerous <a href=\"https:\/\/t.co\/agvUXU5J5t\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/agvUXU5J5t<\/a> <a href=\"http:\/\/t.co\/rIZ1XqfHw6\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/rIZ1XqfHw6<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/620983993685643265?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 14, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"5\">\n<li>Enable \u2018Show file extensions\u2019 option in the Windows settings. This will make it much easier to distinguish potentially malicious files. As Trojans are programs, you should be warned to stay away from file extensions like \u201cexe\u201d, \u201cvbs\u201d and \u201cscr\u201d.You need to keep a vigilant eye on this as many\u00a0<a href=\"http:\/\/www.howtogeek.com\/137270\/50-file-extensions-that-are-potentially-dangerous-on-windows\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">familiar file types can also be dangerous<\/a>. Scammers could use several extensions to masquerade a malicious file as a video, photo, or a document (like hot-chics.avi.exe or doc.scr).<\/li>\n<\/ol>\n<blockquote class=\"twitter-pullquote\"><p>10 tips to protect your files from #ransomware. #security #threats<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fsz1k&amp;text=10+tips+to+protect+your+files+from+%23ransomware.+%23security+%23threats\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<ol start=\"6\">\n<li>Regularly\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/why-bother-with-software-updates\/6863\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">update<\/a>\u00a0your operating system, browser, antivirus, and other programs. Culprits tend to exploit vulnerabilities in software to compromise systems.<\/li>\n<\/ol>\n<ol start=\"7\">\n<li>Use a robust antivirus program to protect your system from ransomware. We recommend\u00a0<a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;thru&amp;reseller=gl_kdpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a>, which prevents viruses from getting into your computer, or, should the virus infiltrate your system after all, protect important files using its\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/tip-of-the-week-cryptoware\/6199\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">special capability<\/a>.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How Kaspersky Internet Security protects from <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>: <a href=\"https:\/\/t.co\/KLAe2P8JUp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/KLAe2P8JUp<\/a> <a href=\"http:\/\/t.co\/cAYsx5Xqu3\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/cAYsx5Xqu3<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/601722194662588417?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 22, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"8\">\n<li>If you discover a rogue or unknown process on your machine, cut off the Internet connection immediately. If the ransomware did not manage to erase the encryption key from your computer, there\u2019s still a chance you can restore the files. However, the new strains of this type of malware use a predefined key, so this tip, unfortunately, would not work in that case.<\/li>\n<\/ol>\n<ol start=\"9\">\n<li>If you are unlucky to have your files encrypted, don\u2019t pay the ransom, unless the instant access to some of your files is critical. In fact, each payment fuels this unlawful business which would prosper as long as you pay money.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Criminals behind <a href=\"https:\/\/twitter.com\/hashtag\/CoinVault?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#CoinVault<\/a> ransomware are busted by Kaspersky Lab &amp; Dutch police <a href=\"https:\/\/t.co\/r0mP3LDIgr\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/r0mP3LDIgr<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/X6ssm0c2UH\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/X6ssm0c2UH<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/644498743023271936?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 17, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"10\">\n<li>If you have been infected by ransomeware, you should try to find out the name of the malware: maybe it\u2019s an older version and it is relatively simple to restore the files. Ransomware used to be less advanced in the past.Moreover, the police and cybersecurity experts (including those working for Kaspersky Lab)\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/criminals-behind-the-coinvault-ransomware-are-busted-by-kaspersky-lab-and-dutch-police\/9886\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">collaborate<\/a>\u00a0to detain the adversaries and provide file restoration tools online. Some people have an opportunity to decrypt their files without having to pay the ransom. To check whether it\u2019s possible, visit\u00a0<a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">kaspersky.com<\/a><\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Had your files locked by the coinvault <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>? Try our new decryptor: <a href=\"https:\/\/t.co\/MLK6ZbHKyE\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/MLK6ZbHKyE<\/a><a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"http:\/\/t.co\/EqtF7iN2ym\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/EqtF7iN2ym<\/a><\/p>\n<p>\u2014 Kaspersky Lab ME (@KasperskyME) <a href=\"https:\/\/twitter.com\/KasperskyME\/status\/588643104225296384?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware has become one of the most notorious cyberthreats. Once a ransomware Trojan infiltrates your system, it stealthily encrypts your files, including your valuable documents, videos and photos. This entire<\/p>\n","protected":false},"author":522,"featured_media":5182,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[1737,191,180,36,192,433,97,521,131,692],"class_list":{"0":"post-5181","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-advice","10":"tag-data","11":"tag-kaspersky-internet-security","12":"tag-malware-2","13":"tag-protection","14":"tag-ransomware","15":"tag-security-2","16":"tag-threats","17":"tag-tips","18":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ransomware-10-tips\/5181\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ransomware-10-tips\/6342\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ransomware-10-tips\/6493\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/ransomware-10-tips\/6415\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/ransomware-10-tips\/7298\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/ransomware-10-tips\/6987\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ransomware-10-tips\/9946\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ransomware-10-tips\/10673\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ransomware-10-tips\/5866\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/ransomware-10-tips\/6502\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ransomware-10-tips\/9717\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ransomware-10-tips\/9946\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ransomware-10-tips\/10673\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ransomware-10-tips\/10673\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/advice-2\/","name":"advice"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5181"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5181\/revisions"}],"predecessor-version":[{"id":16014,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5181\/revisions\/16014"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5182"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}