What is Ransomware and How can You Prevent It?

Learn how to mitigate risk and stop a ransomware attack.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

As technology evolves, so do the ways hackers use to try and steal information of individuals, corporations, and government entities. Ransomware is one of the tactics used by hackers to steal information and hold that information at a ransom.

While ransomware has been happening for some time, attack sizes and ransom amounts continue to rise. In 2021, ransomware attackers demanded $50 million from tech producer Acer after stealing sensitive documents, customer information, and more. This marked the biggest requested ransom at the time.

Ransomware could permanently damage information stored on affected devices, but you could protect against it. Before you learn how to prevent ransomware, it is crucial to understand what makes ransomware a cybersecurity risk.

In this article
What is ransomware?
How does ransomware work?
How to prevent ransomware
Ransomware detection using an antivirus
Ransomware data recovery
Bottom line

What is ransomware?

Ransomware is malware or malicious software that takes an entity's data and encrypts it, rendering it inaccessible to the user.

This type of attack comes with a request for a ransom to get the information unlocked. In some cases, the victim may pay the ransom to regain access, or they may choose to rebuild the data from backups or other means.

Both solutions might be quite costly for the affected individual or organization. If the ransom is not paid, cybercriminals may leak or reveal sensitive data they stole or simply keep the information locked.

Ransomware history in a nutshell

Ransomware isn’t new. The first known ransomware attack occurred in 1989. This attack, called the AIDS Trojan attack, involved a hacker passing floppy disks to the World Health Organization AIDS conference attendees.

The floppy disks were marketed as informational, but when users put them into their computers, they installed malicious code onto their devices. After 90 attempts to boot, the computer would tell the users that they needed to send $189 to an address in Panama to regain access.

Since that initial ransomware attack, hackers have used the same tactic to steal access and exploit entities for their money.

There are many types of cyberattacks similar to ransomware. However, the main difference is that ransomware involves encrypting data before requesting a sum of money, either in fiat currencies or cryptocurrencies.

How does ransomware work?

A ransomware infection involves infiltrating a system, encrypting the data, and communicating with the victim to demand a ransom to restore access.

The method hackers use to access your system may vary. In 1989, it was floppy disks, but in modern times it could be from phishing emails, software vulnerabilities, websites, or other malware attacks.

For instance, a hacker may be able to infiltrate your company’s website, adding a virus through a line of code that gets your computer infected by a virus.

When someone goes to that website, the code could deliver a malicious payload to their hard drive without their knowledge. It could then encrypt all the computer’s data and spread the code to connected computers.

The attacker then demands a ransom from the user. The ransom amount usually varies, but the terms include ransom payment in exchange for a decryption key. Once the ransom has been requested, the victim might choose to pay it to regain access or ignore it and lose access to any data that has been encrypted.

How to prevent ransomware

A simple way to avoid a ransomware attack is to protect yourself and your systems ahead of time. There are several different ways to protect your devices:

1. Perform periodic backups

One of the tools you could use to protect against ransomware is consistent information backups. These backups could help you regain access to your data without paying a ransom.

2. Avoid malicious links

Malware and ransomware viruses could infect your device in different ways. Malicious emails or suspicious links on websites might allow a virus to infect your system. Only opening links from trusted sources is usually one of the most straightforward ransomware prevention methods.

3. Receive security updates

Many instances of ransomware rely on out-of-date applications or operating systems. It is vital to update your desktop and mobile devices to ensure that your systems are safe. Updating your computer security could help you defend against malware attacks.

4. Use antivirus software

An antivirus or firewall software could help you quickly identify ransomware on your computer and may also help you remove it from your machine.

Ransomware detection using an antivirus

Antivirus or anti-malware software might identify common malware and ransomware viruses and alert users when data on their computers is being encrypted unexpectedly.

These antivirus programs keep a robust list of common malware to help identify any irregularities on your device. Antivirus security software may also offer more in-depth ransomware protection to keep your data secure.

For instance, some ransomware protection includes machine learning and artificial intelligence to help identify small changes in your files or programs that might be initial signs of an attack. Antivirus security tools could also ask you to confirm if programs are trusted to help protect your device.

It is critical to keep your antivirus software up-to-date to maintain its functionality. Ransomware is constantly developing, and ensuring that your antivirus software knows about all new types could help keep your data safe.

Your antivirus software would usually come with an active scanning feature to ensure that your computer is safe. Active scanning allows your antivirus to work consistently to identify any issues as soon as possible.

Having one of the best antivirus software installed on your computer might help you respond more efficiently to an attack. Without antivirus software you may be unaware that your computer has been infected and you might not find out until all of your data is encrypted.

Ransomware data recovery

Your gut instinct might be to pay the ransom as quickly as possible when involved in a ransomware attack to minimize any damage and regain access to your encrypted data.

In some cases the hackers may get the ransom, provide you with the decryption key, and move on. However, the attackers may have other plans, including keeping your data locked after paying the ransom or leaking confidential information to the public.

The FBI does not recommend that victims pay ransoms. It believes that paying ransoms may encourage others to participate in ransomware attacks. They also note that even if you pay the ransom, there is no guarantee you will regain access.

If you are involved in a ransomware attack, you could take a few steps to minimize the damage and slow or stop the attack.

1. Isolate the problem

As soon as you notice a ransomware attack, disconnect the infected computer from the internet and any access to your network. You want to minimize the spread of the ransomware.

2. Stop the ransomware encryption

Once you’ve isolated the problem, you should aim to stop the encryption of your data on your computer. If you already have an antivirus program, it might be able to stop the encryption.

However, ransomware is designed to spread rapidly throughout your computer and system, and once the encryption has started, it may be too late. Turning off your computer might pause the encryption, but it usually restarts when the system is turned back on.

Once the process has started, it might be too late to install antivirus software to stop it. However, installing an antivirus after you regain access to your system would be beneficial.

3. Disconnect your backups

Disconnecting your backup server or other data backups from your computer and network may help protect them during a ransomware attack. If your backups are intact and offline from your wired or Wi-Fi network, you may be able to bypass the need for a decryption key.

4. Find a decryption key

It might be possible to find a decryption key to combat the ransomware in some cases. If it is common ransomware, there is a chance that the decryption key has been discovered and is available online.

Antivirus tools and websites, such as ID Ransomware, might help determine the type of malware and identify a decryption key. These tools keep a catalog of common ransomware variants and their decryption keys.

5. Get professional help

You may need professional help in the wake of a ransomware attack. A professional service might be able to regain access to your data if you were unable to.

Depending on your situation, you could also consider hiring a cybersecurity professional to help identify ways to protect you from cyber threats in the future. It is also essential that you contact the FBI or local police if ransomware attacks you.

6. Reset your computer (if backups are available)

If you have backups of your data available, you could reset your device to factory settings. This may remove any ransomware threat and give you a clean slate.

Keep in mind that even though resetting your computer may give you a second chance, you could still be susceptible to a ransomware attack again if you don’t protect your information.



What happens in a ransomware attack?

In a ransomware attack, your device is infected with malware that allows the attacker to encrypt your data. This leaves you unable to access the data. The attackers then request a ransom in exchange for a decryption key that would allow you to regain access to your data.


Can you get rid of ransomware?

Removing ransomware from your devices using antivirus software or other decryption tools is possible. Removing the ransomware before reconnecting your computer or laptop to any network is vital.


Is paying ransomware illegal?

Paying a ransom requested by ransomware is not illegal. However, the FBI discourages doing so. According to the FBI, paying a ransom doesn’t guarantee that you’d gain access to your data and may encourage more ransomware attacks.

Bottom line

A ransomware attack could be a stressful and costly experience for any individual or organization. It is important for people and companies to know how to prevent a ransomware attack and how to respond to an attack if one happens.

Suppose you do come across a malware attack. In that case, it is important to minimize the damage to your data by isolating the malware, removing it from your computer, and reporting the attack to local or federal authorities.

The easiest way to avoid ransomware is to be stringent about your online security. Don’t click unknown links, be cautious about phishing attacks and unrecognized emails, and be mindful of the websites you visit.

Comprehensive Protection With Database Updates Every 3 Hours
Editorial Rating
Learn More
On Surfshark AntiVirus's website
Antivirus Software
Surfshark AntiVirus
Up to 80% off + 2 months free
  • Powerful app that offers 24/7 virus and malware protection that won’t hog your CPU or RAM
  • Includes webcam protection, fully customizable security, full or quick scans, and more
  • Compatible with Windows, Mac, and Android on unlimited devices
  • No standalone antivirus plan

Author Details
Andrew Strom Adams is a freelance writer focused on online privacy and digital security. He writes on various topics to help individuals protect themselves on the internet. Andrew has worked in legal marketing, technology, and startups. He has more than 12 years of experience in marketing and communications. He holds an M.B.A. from Westminster College and a B.A. in journalism from Oklahoma Baptist University. When he’s not writing, he’s playing with his two kids or watching reality TV.