How to protect your computer against ransomware

Last month, the WannaCry ransomware attack made headlines when tens of thousands of computers owned by government agencies and private companies around the world had their files encrypted. The attackers demanded hundreds of dollars to undo the damage on each infected computer, but with no guarantee that paying the ransom would actually accomplish anything, victims were stuck between a rock and a hard place.

While the May attack was big news, it’s hardly the first time attackers have encrypted files on users’ computers and then demanded a big payout for decryption keys, and it certainly won’t be the last. What can you do to avoid having your day ruined by a ransomware attack? Here are five suggestions that will help you avoid not just ransomware, but viruses, spyware, and other nasty things, too.

Stay updated

The WannaCry ransomware used a Microsoft Windows exploit as its main method of spreading and infecting additional computers. Microsoft had previously released a patch to plug that hole on supported versions of Windows, but that didn’t help users whose computers hadn’t been patched, or who were using old, unsupported operating systems like Windows XP.

The lesson here is simple: make sure you keep your operating system updated, and make sure you upgrade by the time an OS reaches end of life. (This can be tricky if you have systems running software that will only function on an older OS; in that case, lock the system down as much as possible to minimize its exposure to the bad guys.)

Be a standard user

When you set up a new Windows installation, the first account you create is by default an administrator account. That makes it easy for you to change things, but it also makes it easier for ransomware and malware to change things.

The solution? Set up the required administrator account and use it for initial configuration, but after that, use it only when necessary to do administrative chores like installing software. For everyday use, log in using a standard user account. If you’ve been using an administrator account, set up a different administrator login on your computer, then change your existing account to a standard user account.

Use antivirus/antimalware software

Windows 10 has built in antivirus protection in the form of Windows Defender, but it doesn’t hurt to run different antivirus and antimalware programs if you prefer. If you’re using an older version of Windows, this is even more important since antivirus was not baked in to the OS.

Does running the latest and greatest security suite guarantee that your computer won’t get hit? Not at all; undisclosed zero-day vulnerabilities are especially difficult to protect against. The goal here is to try to give your computer extra help warding off stuff that you really don’t want installed.

Don’t click that link; don’t open that attachment

In a former tech support job, I got a call one day from an employee who had just gotten a popup message notifying her that her documents had been encrypted. The source of the problem? She received an email with an attachment from an unknown sender, and although she knew something didn’t look exactly right, she opened it anyway.

I wish I could say that story is unusual, but it’s not; if people didn’t open infected attachments, or click on links that say they go one place but actually point somewhere else, the baddies wouldn’t keep sending them to our email addresses!

How do you protect yourself? Mouse over links without clicking them to see where they would actually take you; if an email claims to be from Google, but the link points to a .ru domain, it’s probably bad news. Not expecting a .ZIP file from Uncle Fred? Give him a call and ask if he actually sent something to you.

Most importantly, use common sense. If you take a gallon of milk out of the refrigerator and it smells bad or there’s an unidentified glob of green goo floating in it, you’re not going to drink the milk, right? Use the same logic when you’re using your computer: if something in an email or on a website doesn’t look quite right, it probably isn’t.

Show file name extensions

This one is super easy. Open a Windows Explorer window; going to your Documents folder will do. If you’re using Windows 10, click the View tab in the ribbon and make sure “File name extensions” is checked. On Windows 7, press the Alt key on your keyboard, open the Tools menu, and select Folder options; click the View tab, then make sure “Hide extensions for known file types” is unchecked.

This forces Windows to display the actual file extension for a given file. That doesn’t mean a particular file really is a Word document, but you’ll at least know that it really is named Receipt.doc and not Receipt.doc.exe.

Summary

These five suggestions don’t provide ironclad protection against the bad guys; after all, while we’re figuring out ways to protect ourselves, they’re busy trying to figure out ways to get around our safeguards! Nevertheless, taking a few simple steps can save you a lot of grief down the road.