Ransomware attacks often make headlines, and the worst part is that they target regular people, not just big corporations. Cybercriminals evolve their tactics, but protection doesn’t have to be complicated or expensive. These straightforward tips can help keep ransomware at bay.
6
Use a Reliable Antivirus Solution
Miker Rivero/MakeUseOf/TippaPatt/Rawpixel/Shutterstock
A reliable antivirus solution is your first defense against ransomware. While Windows Defender offers decent protection, third-party options from Bitdefender, Kaspersky, or Norton provide enhanced ransomware shields with real-time monitoring. The key is choosing software that actively scans for suspicious file behavior, not just known malware signatures.
More importantly, keep your antivirus updated. Ransomware evolves daily, and outdated virus definitions leave you vulnerable to new threats. Most antivirus programs update automatically, but double-check those settings. If you’ve already realized you downloaded a virus, an up-to-date antivirus can still help contain the damage before ransomware encrypts your files.
Despite these benefits, performance concerns shouldn’t deter you from using antivirus protection. Yes, some security software can slow down your system, but if your PC runs slow after installing an antivirus, check out our guide on how to optimize your PC’s performance. The protection outweighs minor speed impacts, especially when ransomware can destroy everything you’ve worked on.
Related
I Always Enable Ransomware Protection on Windows: You Should Too
Don’t get caught unprotected.
You can also use online tools like VirusTotal to scan downloaded files before opening them. This free service checks files against multiple antivirus engines simultaneously. Be particularly vigilant with file types like PDFs and compressed files, which are often used to hide viruses. Executables, scripts, and macro-enabled documents are also favorites for ransomware distribution.
5
Create Regular, Disconnected Backups of Your Data
RerF_Studio / Shutterstock
Creating regular backups might seem tedious, but it’s your best insurance against ransomware. The 3-2-1 rule remains the gold standard: keep three copies of your important data, store them on two different media types, and keep one copy off-site. This strategy helps; even if ransomware strikes, you’ll have clean copies to restore from.
The “disconnected” part is compulsory—ransomware can’t encrypt what it can’t reach. Therefore, you must unplug external hard drives after backups are complete. Cloud storage works well for off-site backups, but consider using services with versioning to recover from ransomware that may encrypt files. Luckily, there are simple ways to back up your data safely that won’t break the bank.
Automation makes consistency easier. You should set up scheduled backups to back up your entire digital life without thinking about it. Windows File History, Time Machine for Mac, or other third-party solutions can automatically handle this.
4
Be Cautious With Email Attachments and Links
Email is one of ransomware’s favorite delivery methods, and cybercriminals are creative with their tactics. That urgent invoice or shipping notification from an unfamiliar email address might be a cleverly disguised attack. Always verify sender addresses carefully. Hovering over email addresses and links often reveals suspicious domains that don’t match the supposed sender.
Before clicking any link or downloading attachments, pause and think about it. We know legitimate companies rarely send unexpected attachments or demand immediate action through email links. When in doubt, contact the sender through a different channel to verify. You can also block phishing emails from your inbox using built-in email filters and security features.
The same caution applies to software downloads. Ransomware often hides in pirated programs, so don’t download cracked software—the “free” version might cost you all your data. Stick to official sources and verified publishers. If an email attachment seems even slightly suspicious, delete it. It’s better safe than encrypted.
3
Use Strong Authentication for All Your Accounts
tete_escape/Shutterstock
Strong authentication can be a good barrier against ransomware attacks that begin with compromised accounts. Using unique, complex passwords for each service prevents attackers from pivoting between accounts if one gets breached. Password managers make this manageable, as they generate and store strong credentials.
Two-factor authentication (2FA) adds necessary protection, but not all methods are equal. While any 2FA beats none, relying on SMS 2FA can be risky due to SIM-swapping attacks.
Authenticator apps like Google Authenticator or Authy provide more secure alternatives, and hardware security keys offer the strongest defense against account takeover attempts.
Equally important, don’t forget about recovery options. You should secure your backup codes and recovery emails with the same vigilance as your primary accounts. Ransomware operators often target email accounts first, and then use them to reset passwords and gain broader access. Regular security checkups to review active sessions and connected apps help catch unauthorized access early.
2
Segment Your Network to Limit the Spread of Attacks
Network segmentation might sound technical, but it’s simply dividing your network into separate zones. Think of it as creating compartments—if ransomware infects one area, it can’t easily spread to others. This containment strategy limits damage significantly, especially in home networks with multiple devices.
Basic network segmentation starts with guest networks. Most modern routers offer this feature, which allows creating isolated networks for visitors or less-trusted devices. Put smart home gadgets, security cameras, and IoT devices on separate networks from your computers and phones. This way, a compromised smart bulb can’t provide access to your work laptop.
For more robust protection, consider VLANs (Virtual Local Area Networks) to segment your home network. While slightly more complex, VLANs create truly isolated network segments. You can separate work devices, PCs, and entertainment systems. Some advanced routers and managed switches support this feature without requiring enterprise-grade equipment.
Segmentation works best when combined with strong passwords for each network segment. Change default router credentials, use WPA3 encryption when available, and regularly update router firmware. These layers make it much harder for ransomware to move laterally.
1
Disable Unnecessary Features and Services
Every unnecessary service running on your computer represents a potential entry point for ransomware. The more features you have enabled, the larger your attack surface becomes. Reducing this surface by disabling unused services decreases vulnerabilities that ransomware can exploit to gain initial access.
Remote Desktop Protocol (RDP) is a prime target for ransomware attacks. Disable it completely unless you specifically need remote access. File and printer sharing services also pose risks when left open unnecessarily. Turn off network discovery and public folder sharing if you’re not actively using them, as these features often remain enabled by default.
Windows comes packed with unnecessary Windows programs that can create security gaps. Services like Windows Script Host, PowerShell remoting, and SMBv1 are frequently exploited by ransomware. Disable these through Windows Features or Group Policy unless your work requires them.
Regular audits help maintain security by keeping the system lean. Check startup programs, background services, and browser extensions periodically. Remove anything you don’t recognize or use. The principle is simple: turn it off if you don’t need it. A minimal system offers fewer opportunities for ransomware to establish a foothold.
