Blackmail Trojans, so-called "ransomware", encrypt the files on your hard drive and only release them again when you transfer a "ransom" - if at all. Under the names WannaCry, Bad Rabbit or Locky, the Trojans terrify Windows users. But you can protect yourself from the virtual hostage-taking! We'll show you how you can protect Windows 10 against ransom trojans.
Use virus protection and Windows updates
Basically, the same security measures apply to ransomware as to "traditional" malware: Do not open any files that you have obtained from unknown e-mail senders or from possibly unsafe download sources and keep your Windows up to date using the update function . Windows 10 automatically installs critical security updates. To ensure that the system is up to date, open "Settings" from the start menu. Here you navigate to the "Update and Security" area and manually search for updates if necessary. You can find detailed instructions for performing manual updates with Windows 10 in this tips + tricks article. Microsoft regularly closes various gateways for malware via patches - it is negligent to forego the corresponding updates.
Also a running virus protection is a must . In the meantime, even the Windows Defender integrated in Windows 10 ensures a decent level of security. Current security suites from companies such as Eset, Bitdefender or G-Data go one step further. In their current versions, these often offer extended protection against blackmail Trojans. The virus scanners warn when running programs want to manipulate system-critical folders and prevent access to the data..
How to use the integrated folder protection of Windows 10
With the Fall Creators Update published in September, Windows 10 received a native protection mechanism against encryption Trojans. The "Protected Folders" function ensures that programs - and thus encryption Trojans too - can no longer manipulate certain areas on the hard drive. In practice, this means a little less convenience, but important folders are safe from ransomware.
If you have already installed the update, you will need to activate the protection manually . To do this, proceed as follows:
Perform regular backups
Despite all precautionary measures: The best protection against encryption Trojans is and remains a current Windows backup . In an emergency, you can restore a functioning Windows environment without malware with little effort and only lose the data that you have edited since the last backup. Windows 10 has two backup solutions on board in the form of the file version history and the integrated image backup - unfortunately, both are not activated at the factory. To change this, open the system settings and navigate to the "Update and Security - Backup" menu. Here you can use the wizard to set up the Windows 10 file history. The link “Switch to backup and restore (Windows 7)” takes you to the image backup, which is still based on the older Windows versions. Here, too, an assistant will help you set up the backup.A detailed guide on how to create backups with Windows 10 can be found in this article..
If the possibilities of the Windows standard tools are not enough for you, you can also switch to third-party tools. Even free solutions such as Macrium Reflect or EaseUS ToDo Backup offer sufficient functions to back up Windows hard drives and restore them if necessary.
Important : Make sure to use an external target (such as a USB hard drive) for the backup that is not permanently connected to the PC. Since modern encryption Trojans are increasingly plunging themselves onto USB and even network drives, this is the only way to prevent your backups from being hijacked as well.
Back up important data in the cloud
Cloud storage services such as Dropbox, OneDrive or Google Drive offer excellent protection against encryption Trojans . The reason: Even in the free offers, almost all services allow you to restore previous versions of a file. In practice this means: If an encryption Trojan hijacks your files, you can retrieve them via the online storage without paying a cent. The procedure is usually always the same: Log into your cloud account via your browser. Here you navigate to the folder with the encrypted files and call up the options via the menu or a right-click. Now look for an option like “Restore previous version” or “Version history” and get the unencrypted file back.
If you are reluctant to entrust your personal documents to commercial providers such as Dropbox or Google Drive, you can also host your own cloud . Solutions such as OwnCloud or NextCloud allow you to set up self-hosted cloud storage on rented web space. This means more effort, but also protects privacy.
Encryption Trojans: What To Do If It's Already Too Late?
As you can see, with a little effort, you can protect yourself efficiently against the dangers of blackmail trojans. But what if it's too late and your PC has caught some nasty encryption malware? In this case, you should of course immediately stop using the infected computer and remove it from your home network .
The second important rule is: Under no circumstances should you comply with the demands of the virtual hijackers! There are countless cases in which ransomware victims have paid the required Bitcoin sums but still haven't got their data back. If an encryption Trojan has caught your PC, you should therefore remain calm. Ideally, security experts develop a tool that can bypass the encryption routines and secure your data.
The No More Ransom initiative , the Federal Office for Security and Information Technology and the security reports on Heise Security provide first aid in the event of ransomware infestation . There is no guarantee that you will be able to free your PC from the clutches of ransomware, but at least there is a chance.
If that is not the case, you will not get around a clean reinstallation of Windows 10 for better or worse . Ideally, you can then restore your data from the cloud or a backup. If this is not the case, you can at least provide for the future and secure your data from Locky, WannaCry and their descendants.