What is ransomware and how to help prevent ransomware attacks


Ransomware is a form of malicious software that locks and encrypts a victim’s computer or device data, then demands a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. If the attackers don’t give you the decryption key, you may be unable to regain access to your data or device.

Ransomware defined

The idea behind ransomware, a form of malicious software, is simple: Lock and encrypt a victim’s computer or device data, then demand a ransom to restore access.

In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since malware attacks are often deployed by cyberthieves, paying the ransom doesn’t ensure access will be restored.

Ransomware holds your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, but the malware has encrypted your device, making the data stored on your computer or mobile device inaccessible.

While the idea behind ransomware may be simple, fighting back when you’re the victim of a malicious ransomware attack can be more complex. And if the attackers don’t give you the decryption key, you may be unable to regain access to your data or device.

Knowing the types of ransomware out there, along with some of the dos and don’ts surrounding these attacks, can go a long way toward helping protect yourself from becoming a victim of ransomware.

How do ransomware attacks work?

Ransomware attacks work by gaining access to your computer or device, and then locking and encrypting the data stored on it. How does this happen? It often happens when victims mistakenly download malware through email attachments or links from unknown sources — which happen to be hackers. 

 Ransomware prevents you from accessing the files stored on your computer. This malicious software essentially holds your files hostage, which can wreak havoc on an extremely broad scale for larger organizations.

While a ransom is demanded, there’s no guarantee your data will be restored if you pay that ransom. Even if you pay, the attackers may never give you the decryption key. This makes ransomware tricky to navigate.

Who are the targets of ransomware attacks?

Ransomware can spread across the internet without specific targets. But the nature of this file-encrypting malware means that cybercriminals also are able to choose their targets. This targeting ability enables cybercriminals to go after those who can — and possibly are more likely to — pay larger ransoms.

Here are four target groups and how each may be impacted.

  • Groups that are perceived as having smaller security teams. Universities fall into this category because they often have less security along with a high level of file-sharing.
  • Organizations that can and will pay quickly. Government agencies, banks, medical facilities, and similar groups constitute this group, because they need immediate access to their files and may be willing to pay quickly to get them. An example of this is the ransomware attack on Colonial Pipeline in 2021. The U.S. fuel pipeline operator had to shut down its entire network and ended up paying the hackers a ransom of $4.4 million in Bitcoin. Some of the ransom was later recovered.
  • Firms that hold sensitive data. Law firms and similar organizations may be targeted, because cybercriminals bank on the legal controversies that could ensue if the data being held for ransom is leaked.
  • Businesses in the Western markets. Cybercriminals go for the bigger payouts, which means targeting corporate entities. Part of this involves focusing on the United Kingdom, the United States, and Canada due to greater wealth and personal-computer use.

How to help protect against ransomware

There are steps you can take to help protect your computer and devices against being infiltrated by ransomware. Here’s a list of tips to remember.

  1. Always back up your data. If you’ve made an external backup of your files, then you should still have access to your data if cybercriminals try to steal and hold it hostage.
  2. Install reliable ransomware protection software.
  3. Stay updated. Keep your operating system, programs, and security software up to date. This helps to protect you against the latest malware with the latest security patches.
  4. Never click on email attachments or links from unknown sources. They could have malware embedded in them.
  5. Be cautious when online. Malicious websites and pop-up ads are just waiting for you to click on them.
  6. Don’t surf the web on public Wi-Fi networks. Using a VPN — short for virtual private network — can help keep your data private.
  7. Never use USB sticks from unknown sources. You don’t want to provide an easy gateway for hackers.

What to do if you’re a victim of ransomware

Victims of ransomware attacks have various possible options to get their data back. Here are three:

  1. Pay the ransom being demanded by the cybercriminals. The problem with this is that cybercriminals are untrustworthy. They may or may not return your data upon payment. Giving in to these types of demands also encourages the cybercriminals to continue engaging in this type of crime.
  2. Try to remove the malicious software, as explained below. One way to do this is with a decryption tool.
  3. Get rid of the malware by resetting your computer to its factory settings. If you’ve backed up your data externally or in the cloud, you likely should be all set.

Can ransomware be removed?

Depending on the type of ransomware you’re dealing with, it is possible to remove file encryption ransomware. To do so, consider taking the following steps.

  1. Remove all internet connections to disable the ransomware from spreading.
  2. Use your internet security software to scan for malicious files and then remove them. Note that this step may be more challenging if you’re the victim of screen-locking ransomware.
  3. You should then be able to use a decryption tool to regain access to your data.
  4. If you have an external backup of your data, you can then restore it.

Dos and don’ts of ransomware

Ransomware is a profitable pursuit for cybercriminals and can be difficult to stop. Prevention is the most important aspect of protecting your personal data. To deter cybercriminals and help protect against a ransomware attack, keep in mind these eight dos and don’ts.

  1. Do use security software. To help protect your data, install and use a trusted security software that offers more than just antivirus features. Some security software can help detect and protect against threats to your identity and your devices, including your mobile phones.
  2. Do keep your security software up to date. New ransomware variants continue to appear, so having up-to-date internet security software will help protect your devices against cyberattacks.
  3. Do update your operating system and other software. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  4. Don’t automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid opening emails and attachments from unfamiliar or untrusted sources. Phishing spam in particular can fool you into clicking on a legitimate-looking link in an email that actually contains malicious code. The malware then prevents you from accessing your data, holds that data hostage, and demands ransom.
  5. Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled, macro malware can infect multiple files. Unless you are absolutely sure the email is genuine and from a trusted source, delete the email.
  6. Do back up important data to an external hard drive. Attackers can gain leverage over their victims by encrypting valuable files and making them inaccessible. If the victim has backup copies, the cybercriminal loses some advantage. Backup files allow victims to restore their files once the infection has been cleaned up. Ensure that backups are protected or stored offline so that attackers can’t access them.
  7. Do use cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous versions of files, allowing you to “roll back” to the unencrypted form.
  8. Don’t pay the ransom. Keep in mind, you may not get your files back even if you pay a ransom. A cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

With new ransomware variants appearing, it’s a good idea to do what you can to minimize your exposure. By knowing what ransomware is and following these dos and don’ts, you can help protect your computer data and personal information against becoming a ransomware target.

Frequently asked questions about ransomware

  • What is ransomware?
    Ransomware is malware that holds your computer or device data hostage. The files are still on your computer, but the ransomware has encrypted them, making the data stored on your computer or mobile device inaccessible.
  • How do ransomware attacks work?
    Hackers use malicious software to lock and encrypt the files on your computer or device. They can then hold those files hostage, disabling you from accessing your data until you pay a ransom. When you do pay, they may or may not give you a decryption key to regain access.
  • What are the different types of ransomware?
    The seven most common types of ransomware are crypto malware, lockers, scareware, doxware, RaaS, Mac ransomware, and ransomware on mobile devices.
  • What happens if you get ransomware?
    If you’re a victim of ransomware, you’ll have to decide if you want to pay the ransom, or if you can remove the malware yourself. The decision might be easier if you’ve backed up your data.
  • Can ransomware be removed?
    It is possible to remove this malicious software manually or to use security software to get rid of it. Part of this involves using a decryption tool.
  • Should you pay the ransom?
    If you can avoid paying the ransom, that would be ideal. Payment not only encourages future criminal activity, but it also doesn’t guarantee you’ll regain access.
  • Can ransomware spread through Wi-Fi?
    Yes. Ransomware can spread through Wi-Fi networks to infect your computers and other devices.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.

Alison Grace Johansen
  • Alison Grace Johansen
  • Freelance writer
Alison Grace Johansen is a freelance writer who covers cybersecurity and consumer topics. Her background includes law, corporate governance, and publishing.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.