How to Protect Against Ransomware Attacks
Ransomware encrypts your files and demands payment for the decryption key. It's one of the most damaging cyber threats, but strong preparation can protect you.
Overview
Ransomware attacks have increased dramatically in recent years, targeting businesses and individuals alike. The average ransom demand is thousands of pounds, but the real cost is in downtime and data loss.
Step 1: Prevention Measures
The best defence against ransomware is preventing it from getting in.
Email Security
- Don't open attachments from unknown senders
- Be suspicious of unexpected attachments even from known contacts
- Hover over links to check URLs before clicking
- Be wary of emails creating urgency: 'Invoice overdue', 'Account suspended'
- Enable email filtering and anti-phishing protection
- When in doubt, contact the sender through a different channel to verify
Software Security
- Keep operating system and all software up to date
- Enable automatic updates on all devices
- Remove software you no longer use
- Only download from official sources and app stores
- Disable macros in Microsoft Office by default
- Use a reputable antivirus with real-time protection
Network Security
- Enable your firewall (Windows Firewall or Mac Firewall)
- Use strong, unique passwords for all accounts
- Enable two-factor authentication everywhere possible
- Disable Remote Desktop Protocol (RDP) unless specifically needed
- Segment your network — keep IoT devices on a separate network
RDP is one of the most common entry points for ransomware. If you must use it, require VPN access and use strong authentication.
Enable Controlled Folder Access (Windows)
- Settings → Windows Security → Virus & threat protection
- Click 'Manage ransomware protection'
- Turn ON 'Controlled folder access'
- This prevents unauthorised apps from modifying protected folders
- Add additional folders you want to protect
- Whitelist trusted applications that need access
Step 2: Backup Strategy
Reliable backups are your ultimate ransomware insurance.
Implement the 3-2-1 Backup Rule
- 3 copies of your data (original + 2 backups)
- 2 different storage types (e.g., external drive + cloud)
- 1 copy offsite (cloud backup or physically separate location)
- At least one backup should be offline (disconnected when not backing up)
- Ransomware can encrypt connected backup drives
If your backup drive is always connected to your computer, ransomware WILL encrypt it too. Always disconnect external backup drives after backup completes.
Set Up Automated Backups
- Windows: Use File History (Settings → Update & Security → Backup)
- Mac: Use Time Machine with an external drive
- Cloud backup: Consider Backblaze, Carbonite, or iDrive
- Business: Use Veeam or a similar enterprise backup solution
- Test restoring from backup quarterly — untested backups may fail
Version Your Backups
- Keep multiple versions of files (not just the latest)
- If ransomware encrypts files before you notice, the latest backup may contain encrypted files
- File History and Time Machine keep versions automatically
- Cloud services like OneDrive and Dropbox keep file versions
- Retain at least 30 days of backup history
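An added example (not part of the original guide): a Python check that scans each backup version for files that look encrypted and returns the newest version that is still clean, which is the situation the versioning advice above guards against. The extension lists, entropy thresholds and 5% tolerance are assumptions to tune for your own data.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for common formats (.docx/.xlsx are ZIP containers).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
TEXT_EXTS = {".txt", ".csv", ".log", ".md", ".json", ".xml", ".html"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path: Path, sample: int = 65536) -> bool:
    """Flag a file whose content no longer matches what its name implies."""
    with path.open("rb") as fh:
        head = fh.read(sample)
    ext = path.suffix.lower()
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    if len(head) < 1024:  # too short for a meaningful entropy estimate
        return False
    # Text rarely exceeds ~6 bits/byte; ciphertext is near 8. Unknown extensions
    # (renamed files) get a stricter bar that unlisted compressed media can trip.
    return entropy(head) > (7.0 if ext in TEXT_EXTS else 7.9)

def encrypted_fraction(snapshot: Path) -> float:
    """Share of files in one backup version that look encrypted.
    An empty version scores 1.0 so it is never chosen for a restore."""
    files = [f for f in snapshot.rglob("*") if f.is_file()]
    return sum(looks_encrypted(f) for f in files) / len(files) if files else 1.0

def newest_clean_snapshot(snapshots, max_fraction: float = 0.05):
    """Latest snapshot (input ordered oldest to newest) whose suspicious
    share is at most max_fraction, or None if every version exceeds it."""
    for snap in reversed(list(snapshots)):
        if encrypted_fraction(Path(snap)) <= max_fraction:
            return Path(snap)
    return None

if __name__ == "__main__":
    # Constructed demo: "mon" is intact, "tue" holds random bytes as ciphertext.
    root = Path(tempfile.mkdtemp())
    for day, body in (("mon", b"date,amount\n" * 200), ("tue", os.urandom(4096))):
        (root / day).mkdir()
        (root / day / "accounts.csv").write_bytes(body)
    print(newest_clean_snapshot([root / "mon", root / "tue"]))
```

Run it against restored or mounted copies of each backup version, never against the live machine's only copy of the data.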
Step 3: If You're Hit by Ransomware
Time-critical steps if ransomware strikes.
Immediate Response
- Disconnect the infected device from the network IMMEDIATELY
- Do NOT turn off the computer — some decryption keys are in memory
- Disconnect external drives and network storage
- Note the ransom message — screenshot it if possible
- Do NOT pay the ransom — there's no guarantee of decryption
Report and Recover
- Report to Action Fraud (actionfraud.police.uk) or call 0300 123 2040
- Report to the National Cyber Security Centre (ncsc.gov.uk)
- Check nomoreransom.org for free decryption tools
- Restore from your most recent clean backup
- If no backup, consult a professional data recovery service
- Change all passwords after recovery