Ransomware: One of the Most Destructive Threats Online
Ransomware is a type of malware that encrypts your files — making them completely inaccessible — and then demands a payment (usually in cryptocurrency) in exchange for the decryption key. Victims have lost personal photos, business documents, financial records, and years of irreplaceable data to these attacks.
Windows PCs are among the most frequently targeted systems. Understanding how ransomware works is your first line of defense.
How Ransomware Gets onto Your Computer
Attackers use multiple delivery methods, many of which are deceptively simple:
- Phishing emails: Malicious attachments disguised as invoices, shipping notifications, or HR documents. A single click can execute the payload.
- Malicious downloads: Fake software cracks, pirated games, or counterfeit apps bundled with ransomware installers.
- Drive-by downloads: Visiting a compromised or malicious website can trigger an automatic download without any user interaction.
- Remote Desktop Protocol (RDP) attacks: Brute-force attacks on exposed RDP ports are a major vector, particularly targeting businesses.
- Malvertising: Malicious ads on otherwise legitimate websites that redirect to exploit kits.
What Happens During a Ransomware Attack
- Infection: The ransomware executes and begins running silently in the background.
- Encryption: It rapidly scans for and encrypts files — documents, photos, spreadsheets, databases — often targeting network drives and connected backups too.
- Ransom demand: A message appears on screen demanding payment, typically with a deadline. Paying does not guarantee file recovery.
- Data theft: Some variants also steal data before encrypting it, then threaten to publish it (double extortion).
How to Protect Your Windows PC from Ransomware
Enable Controlled Folder Access
Windows 11 and 10 include a feature called Controlled Folder Access that prevents unauthorized apps from modifying files in protected folders like Documents and Pictures.
- Open Windows Security → Virus & threat protection → Ransomware protection.
- Toggle on Controlled folder access.
- Add any additional folders you want to protect.
Maintain Offline Backups
This is the single most effective ransomware mitigation strategy. Follow the 3-2-1 backup rule:
- 3 copies of your data
- 2 different storage media (e.g., external drive + cloud)
- 1 copy stored offline (disconnected from your network)
Ransomware can encrypt mapped network drives and cloud sync folders — an air-gapped offline backup is your safety net.
Keep Software Updated
Many high-profile ransomware outbreaks have exploited known vulnerabilities in unpatched software. Enable automatic updates for Windows, your browser, and all installed applications.
Be Skeptical of Email Attachments
Never open unexpected email attachments — even from people you know. Their account may have been compromised. When in doubt, verify with the sender through a different channel before opening any file.
Disable RDP If You Don't Need It
If you don't use Remote Desktop, disable it: Settings → System → Remote Desktop → toggle Off. If you need it, use a strong password, enable Network Level Authentication, and consider a VPN instead of exposing RDP directly to the internet.
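The Controlled Folder Access and Remote Desktop settings described in the sections above can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: its parameter names (-Fix, -DisableRdp, -ExtraFolders) and function names are hypothetical, and it assumes Microsoft Defender is the active antivirus.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and, with -Fix, apply) the CFA and RDP settings from this article.
param(
    [switch]$Fix,                  # apply settings instead of only reporting
    [switch]$DisableRdp,           # with -Fix: turn Remote Desktop off entirely
    [string[]]$ExtraFolders = @()  # hypothetical extra folders, e.g. 'D:\Projects'
)
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-HardeningState {
    # Get-MpPreference only works when Microsoft Defender is the active antivirus.
    $mp  = Get-MpPreference
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    [pscustomobject]@{
        CfaMode          = $mp.EnableControlledFolderAccess   # 0 = off, 1 = block, 2 = audit
        ProtectedFolders = $mp.ControlledFolderAccessProtectedFolders
        RdpEnabled       = ($ts.fDenyTSConnections -eq 0)     # 1 means RDP is refused
        NlaRequired      = ($rdp.UserAuthentication -eq 1)    # 1 means NLA is required
    }
}

function Get-Findings($state) {
    if ($state.CfaMode -ne 1) { 'Controlled Folder Access is not in block mode' }
    if ($state.RdpEnabled -and -not $state.NlaRequired) {
        'RDP is enabled without Network Level Authentication'
    } elseif ($state.RdpEnabled) {
        'RDP is enabled; turn it off if you do not use it'
    }
}
if ($Fix) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
    foreach ($folder in $ExtraFolders) {
        if (Test-Path -Path $folder -PathType Container) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
        } else {
            Write-Warning "Skipping missing folder: $folder"
        }
    }
    if ($DisableRdp) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    } else {
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    }
}
$state = Get-HardeningState
$state | Format-List
$findings = @(Get-Findings $state)
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Run it without switches first to see the current state. On managed PCs, Group Policy can override these local values.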
What to Do If You're Hit by Ransomware
- Disconnect immediately: Unplug from Wi-Fi and Ethernet to stop the spread to other devices.
- Do not pay the ransom: Payment funds criminal operations and doesn't guarantee recovery.
- Report it: File a report with your national cybercrime agency (e.g., FBI IC3, Action Fraud in the UK).
- Check for decryptors: Visit No More Ransom — a free resource that offers decryption tools for many known ransomware strains.
- Restore from backup: Wipe the infected drive and restore from a clean, pre-infection backup.
Ransomware is a serious threat, but with the right habits and protections in place, you can make your Windows PC a much harder target.