ProtonBlog(new window)
what is ransomware

What is ransomware and how do you prevent it?

Share this page

Ransomware is one of the more common and dangerous forms of cybercrime, but what is ransomware exactly? In this article we’ll explain how it works, and what you can do to prevent becoming the victim of a ransomware attack — and how to recover if you ever are.

What is ransomware?

Ransomware is a type of malware that infiltrates your device, then encrypts(new window) your files, folders, or even the entire drive so you can no longer access them. The only way to decrypt your data is to pay a ransom (usually in the form of cryptocurrency) to the attackers. It’s extortion, plain and simple: If you don’t pay, your files are locked away forever or even destroyed.

To give you an idea of how common, and how serious, the problem of ransomware is, the American insurance company Corvus reports(new window) that attacks were up 95% in 2023 compared to 2022, and this number is expected to rise. According to Corvus, last year there were as many as 4,000 victims reported on dark web sites(new window); there are likely thousands more. The number of victims over the past two decades, when ransomware first became mainstream, is almost impossible to calculate.

How does ransomware work?

Ransomware is a kind of malicious software that infects your computer, often as a Trojan horse virus (usually just called a Trojan). Trojans are so named because they’re disguised as something else — a handy program, a useful PDF, or important spreadsheet — and once on your hard drive will reveal their true nature. 

Where many computer viruses exist to extract information or simply to cause havoc, a ransomware virus will instead encrypt either an entire hard drive or parts of it. When the victim tries to access the computer or the folder, they receive a message that the files are encrypted and that a sum must be paid to either a bank account or, more likely, a crypto wallet.

Example of ransomware

Once the victim gets the money or cryptocurrency together and transfers it, the attacker then sends a password that should once again decrypt the drive or folders. However, in practice it often doesn’t happen this way, and many victims don’t receive a password upon payment. 

As a result, it’s best not to pay ransomware attackers. If they could be trusted to uphold their end of the bargain it could be something you could risk, but that’s usually not the case. According to research done by Sophos(new window), roughly 50% of companies that paid up actually got their data back. The rest did not.

That’s not great odds to begin with, but there’s also the risk of establishing a reputation as someone who pays attackers. According to one study(new window), at least 80% of companies that paid were attacked again, often by the same group that targeted them the first time. As a result, it’s much better to prevent attacks instead, or at least make sure you can recover from them more easily.

How to protect against ransomware

Protecting and dealing with ransomware needs a two-pronged approach: On the one hand you need to make sure you don’t get infected, and on the other you have to have systems in place in case you do.

How to prevent ransomware infection

Prevention is better than any cure, so let’s start there. Since ransomware is almost always a virus, you want to make sure you don’t download strange files, especially from unknown sources. 

The biggest threat to be aware of is phishing(new window), in which an attacker will contact you impersonating a person or institution you normally trust. The aim is usually to get you to give up personal information, or in the case of ransomware, get you to download the virus. Always verify whom you’re dealing with.

On top of that, never download files unless you know what they contain. That goes for unexpected emails, text messages, and websites. Fake sites are a popular way to distribute all kinds of malware, so check you’re on a legitimate site before downloading any files.

Backups and versioning

Of course, in any organization people make mistakes, and you can never rule out a successful ransomware attack. If a ransomware attack does pass your defenses, there is another option besides paying. You can ignore the attack, overwrite the hard drive, and then reinstall from an existing backup.

For this, you need a cloud storage(new window) service that can perform backups of vital files by syncing them. But the service needs to go one step further: The backups also need to create versions of files for every sync. This is because when attackers encrypt a file, that’s the version that gets uploaded to the cloud; with versioning, you can just roll back to an earlier version.

Proton Drive can do both these things. Through our syncing feature(new window) on both the Windows and macOS desktop app, you can sync any file or folder from your device. Any time you make a change to those files, a new version is created, which you can then recall through our version history feature. If you get hit with a ransomware attack, you just wipe the hard drive, restore your files, and get back to work, no ransom paid.

Besides protecting files from ransomware, Proton Drive also keeps them safe from more direct attacks. For example, it uses end-to-end encryption(new window), which prevents anybody but you from seeing what’s in your files. We also don’t have access to your passwords. Taken together, this means you and your business are at far less risk of a breach than with other cloud storage services that don’t use end-to-end encryption.

If better security, smarter backups, and improved privacy sound like something you need, then try out Proton Drive for free.

Protect your privacy with Proton
Create a free account

Share this page

Fergus O'Sullivan(new window)

Fergus has been a writer, journalist, and privacy advocate for close to a decade. In that time he has run investigations of the privacy industry, written on policy, and reviewed more programs and apps than you can shake a stick at. Before starting work at Proton, he worked for publications such as How-to Geek and Cloudwards, as well as helping host events at conferences like RightsCon.

Related articles

How to share a PDF
Sharing a PDF with coworkers, friends, or family members can sometimes be trickier than it seems if you’re trying to share a large file or if you want to use secure encryption. In this article, we show you how to share any PDF quickly, easily, and se
Proton Pass for Windows
Proton Pass is launching its new app for Windows, allowing you to access our password manager from your desktop. As one of our community’s most requested features, it’s available to everyone starting today. Proton Pass is the centerpiece of our effo
password policy
Businesses are increasingly dealing with the fallout from cybercrime: The number of attacks is on the rise and the damage done is growing exponentially. One of the most common vulnerabilities for organizations are their passwords. Since they are your
How to free up disk space
If you’ve ever owned an electronic device of any kind, you know the struggle of running out of space. No matter if it’s a smartphone, laptop, or desktop computer, there never seems to be enough room for all your files. Let’s show you some simple ways
What is 3-2-1 backup
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m