How to Protect Against Ransomware — Complete Guide
Ransomware is the most financially damaging type of malware. It encrypts your files and demands payment — often thousands of dollars — to restore access. In 2025, over 4,000 businesses were hit per day. Home users aren't safe either. Here's how to protect yourself properly.
How Ransomware Gets In
Understanding the entry points is step one:
- Phishing emails: ~65% of attacks start with a malicious email attachment or link
- Unpatched software: Outdated Windows, browsers, or plugins are common entry points
- Remote Desktop Protocol (RDP): Exposed RDP ports are actively scanned and brute-forced
- Malicious downloads: Fake software, cracked games, pirated apps
- USB drives: Infected removable media
The 5-Layer Defense Strategy
Layer 1: Good Antivirus with Ransomware Protection
Not all antivirus products handle ransomware equally. Look for products with behavioral detection (catches unknown ransomware variants) and ransomware rollback (can restore encrypted files). Our top picks:
- Bitdefender Total Security — best ransomware remediation and rollback
- Malwarebytes Premium — excellent behavioral detection of new ransomware variants
- Norton 360 — strong ransomware detection, backed by cloud threat intelligence
Multi-layer ransomware defense with file restore capability. If ransomware does get through, Bitdefender can roll back encrypted files to their original state.
Layer 2: The 3-2-1 Backup Rule
No backup strategy, no recovery. Follow the 3-2-1 rule:
- 3 copies of your data
- On 2 different storage types
- With 1 copy offsite (cloud or remote location)
For home users: your primary PC + an external drive + cloud backup (Google Drive, OneDrive, or the 50GB that comes with Norton 360) covers all three. Make sure your cloud backup is not mapped as a drive letter — ransomware can encrypt mapped network drives.
Layer 3: Windows Controlled Folder Access
Windows 11 has a built-in ransomware protection feature called Controlled Folder Access. Enable it in Windows Security → Virus & threat protection → Ransomware protection. It blocks unauthorized apps from modifying files in protected folders. Most legitimate apps are whitelisted automatically.
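One way to turn on the Controlled Folder Access setting described above without breaking programs that are not on the automatic allow list, as an added PowerShell example (not from the original article): it starts in audit mode and lists what would have been blocked. The function names are hypothetical, and the event field names "Process Name" and "Path" are assumptions about the Defender event XML.

```powershell
#Requires -RunAsAdministrator
# Added example: stage Controlled Folder Access (CFA) through audit mode first.
$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'

function Get-CfaState {
    # EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
    [pscustomobject]@{
        RealTimeProtection = (Get-MpComputerStatus).RealTimeProtectionEnabled
        CfaMode            = (Get-MpPreference).EnableControlledFolderAccess
    }
}

function Get-CfaHit {
    param([int]$Days = 7)
    # Event 1123 = change blocked; 1124 = change logged in audit mode.
    $filter = @{ LogName = $DefenderLog; Id = 1123, 1124
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                if ($d.Name) { $data[$d.Name] = $d.'#text' }
            }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Action  = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                # Assumed field names; the value is empty if a field is absent.
                Process = $data['Process Name']
                Target  = $data['Path']
            }
        }
}

$state = Get-CfaState
if (-not $state.RealTimeProtection) {
    Write-Warning 'Defender real-time protection is off; CFA will not enforce.'
} elseif ($state.CfaMode -eq 0) {
    # Audit mode blocks nothing but logs every change that would be blocked.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    Write-Host 'CFA is now in AuditMode. Use the PC normally, then re-run.'
} else {
    # List the programs that touched protected folders, most frequent first.
    Get-CfaHit | Group-Object Process, Action |
        Sort-Object Count -Descending | Select-Object Count, Name
}

# After reviewing the list (the path below is a placeholder, not a real program):
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\Trusted.exe'
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

If a third-party antivirus from Layer 1 is the active engine, Defender real-time protection is normally off and the script stops at the warning, because Controlled Folder Access depends on Defender.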
Layer 4: Keep Everything Updated
The WannaCry ransomware attack in 2017 infected 300,000 machines using a vulnerability that Microsoft had patched two months earlier. Don't be that statistic:
- Enable Windows automatic updates
- Keep browsers and browser extensions updated
- Update Office/Adobe/Java regularly
- Use a vulnerability scanner (ESET includes one)
Layer 5: Email Hygiene
Most ransomware arrives via email. These habits eliminate most of the risk:
- Never open email attachments you weren't expecting
- Verify suspicious "invoice" or "shipping" emails by calling the sender
- Enable multi-factor authentication on your email account
- Use Gmail or Outlook — they have good built-in phishing filters
- Don't enable macros in Word/Excel documents from unknown senders
If You're Already Infected
- Disconnect from the internet and network immediately — prevents spread
- Do NOT pay the ransom — payment doesn't guarantee file recovery, and funds further attacks
- Check NoMoreRansom.org — a free decryption tool may exist for your ransomware variant
- Restore from backup if you have one
- Report to local law enforcement — required for business insurance claims
FAQs
Q: Can antivirus remove ransomware?
A: Modern AV can detect and block ransomware before encryption completes. If encryption has already happened, removing the ransomware doesn't decrypt your files — you need a backup or decryption key.
Q: Should I pay the ransom?
A: Almost never. The FBI recommends against it. Only about 65% of victims who pay actually get their files back.