You’re a home or small business user and a dialogue box has just appeared telling you that your Windows PC's files are now encrypted and you have 48 hours to pay £350 ($500) in Bitcoins to get them back. Fail to meet that deadline and the price will rise.
Crypto ransomware targeting Windows turned into a mass phenomenon about five years ago. And by the time you saw the ransom demand, it was too late to pull the plug on the PC to stop further compromise. Your only option was to haul out backups, assuming you had them.Today, the situation has improved a bit, although the right kind of backups is still the number one defence.Today’s antivirus programs are now better tuned to block ransomware, usually by watching for the actions of specific variants while a few even claim they can clean up the mess after the fact. This the second priority – making sure that the system is free of infection before reinstating data.Beyond that, it’s about preparing better defences for future attacks which might be easier than some assume. Although ransom malware almost always uses unbreakable public key encryption to lock files, the number of variants is relatively small at any one time. It is possible that a security programme can be tuned to spot the most active ransomware by watching for known behaviour such as interacting with the filesystem
Obviously, no product can offer 100 percent ransomware removal, not even a fraction of that if we're honest. Businesses and individuals should still operate carefully online, abide by a security best practice and back up their data. But a lot of them will help protect your systems and help you recover as fast as possible with minimal damage to your systems and networks. It needs to be underlined in bold that competent backup is still the single most important defence against ransomware. Without that on hand, simply removing the infection is just a way of getting back the system, not the data that was on it.