Ransomware: How do you prevent it from happening?

Dec 19, 2014 7:40AM PST
Question:

Ransomware: How do you prevent it from happening, and if you were held up, do you pay?


I've been seeing a lot of news headlines about ransomware in which I think it is when a hacker gets into your computer and puts a lock on it so that you can't do anything on it and demands a payment of a specific amount or else your computer will remain locked or will be wiped clean. Am I correct or is there more to it? This has me a bit concerned. Even though my computer doesn't hold top-secret materials, I still don't want to get caught in this mess. So how would one go about preventing this type of ransomware from being attached to my computer? Is an antivirus program good enough to keep this from happening? If not, what should I have installed to prevent this? And out of curiosity, if this were to happen to you where your computer were held up for ransom, would you pay up? Why or why not?

--Submitted by Steven H.

- Collapse -
Very Important Point Just Made Here
Jan 9, 2015 2:24PM PST

What QuiGonJohn just posted is really important. The encryption viruses will encrypt the data files on all drives connected to the infected computer. Therefore, if you back up to an external drive and it's turned on at the time of infection, your backup files will be encrypted too. They will be of absolutely no use to you in restoring your system.
So when you back up to your external drive, as soon as the backup is completed, turn off your external drive.

- Collapse -
Exactly
Jan 9, 2015 9:11PM PST

And my point about these being the worst, when I first heard of these encrypter infections I thought, much like the FBI Scams that it was BS. That once you removed the infection you would be able to use your data files. Of course, after some research and then experience helping some clients who got it, I found that no, the infection is pretty easy to get rid of, but the damage in its wake, (your files lost to encryption), is very real and nearly unrecoverable, (save a good backup). Since learning of this, I have gotten much more diligent in my own backup strategies. Backing up to an external hard drive, then unhooking it and putting it away. At least every couple weeks and also after adding any significant amount of pictures.

- Collapse -
RE: Ransomware: How do you prevent it from happening?
Jan 9, 2015 12:40PM PST
Over the past 5 or 6 years it's happened to me 2 maybe 3 times, can't remember for sure.

I've used a free program named "ComboFix". It's worked every time. It also eliminated a lot of other junk I didn't know was there.
- Collapse -
Ransomware and Linux
Jan 9, 2015 1:42PM PST

I also run Linux and it does 100% of my needs. I couldn't agree more with Linux being the best way to avoid ransomware plus being meticulous about backing up your data.

- Collapse -
Most of these suggestions are useless
Jan 9, 2015 2:08PM PST

As someone else pointed out, most of these suggestions for removing a virus/malware do not apply to something like CryptoLocker. With that one, you have only three choices.

- Restore from your backup

- Pay the ransom.

- Live without your data

Again, as someone pointed out, if you back up to a NAS or another computer on the network, then your backups will be encrypted, too. Same with Dropbox, and I assume Google's and Microsoft's cloud drives. Those are visible to Explorer, so the ransomware will scramble those, too.

For my backups, in addition to a Time Machine-like program writing to a local NAS, (for convenience) I have a subscription with CrashPlan. They have competitors that work similarly. That gets my data off-site, and not connected in a way that the encrypter can get at it. And, CrashPlan saves multiple versions of every file, so I can always go back to a version prior to the encryption.

So, to answer your question, I would not pay. I would wipe the machine and restore from backup. In fact, I treat every virus infection that way. (Only ever happened to my personal machines twice. But, I fix friends' computers a few times a year.) I just can't bring myself to trust a machine that has been infected. They're just too tenacious at fighting against cleanup efforts. So, I treat a virus infection the same as I would a disk crash.

Drake Christensen

- Collapse -
Ack!
Jan 9, 2015 2:11PM PST

The editor here stuck in a bunch of gibberish. I can't find where to edit it, so here is a clean version.

As someone else pointed out, most of these suggestions for removing a virus/malware do not apply to something like CryptoLocker. With that one, you have only three choices.

- Restore from your backup

- Pay the ransom.

- Live without your data

Again, as someone pointed out, if you back up to a NAS or another computer on the network, then your backups will be encrypted, too. Same with Dropbox, and I assume Google's and Microsoft's cloud drives. Those are visible to Explorer, so the ransomware will scramble those, too.

For my backups, in addition to a Time Machine-like program writing to a local NAS, (for convenience) I have a subscription with CrashPlan. They have competitors that work similarly. That gets my data off-site, and not connected in a way that the encrypter can get at it. And, CrashPlan saves multiple versions of every file, so I can always go back to a version prior to the encryption.

So, to answer your question, I would not pay. I would wipe the machine and restore from backup. In fact, I treat every virus infection that way. (Only ever happened to my personal machines twice. But, I fix friends' computers a few times a year.) I just can't bring myself to trust a machine that has been infected. They're just too tenacious at fighting against cleanup efforts. So, I treat a virus infection the same as I would a disk crash.

Drake Christensen
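
An added example, not part of the original post and not code from CrashPlan or any other backup product: a Python sketch of the "go back to a version prior to the encryption" step, choosing for each file the newest backed-up version that still looks like the original file type. The version-history layout, the function names, the entropy cut-off and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes ("magic numbers") that a few common file types must start with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",
}

# Assumed cut-off in bits per byte. Plain text sits around 4 to 5; encrypted
# data sits close to 8. Legitimately compressed files of unknown type can also
# exceed it, so entropy is only used when no magic number is known.
ENTROPY_LIMIT = 7.5


def shannon_entropy(data):
    """Return the Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(name, data):
    """Heuristic: header no longer matches the extension, or content is near-random."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        return not data.startswith(magic)
    return shannon_entropy(data) > ENTROPY_LIMIT


def last_good_version(name, versions):
    """versions is a list of (timestamp, bytes); return the newest clean timestamp."""
    for stamp, data in sorted(versions, key=lambda v: v[0], reverse=True):
        if not looks_encrypted(name, data):
            return stamp
    return None  # every stored version is already scrambled


def restore_plan(history):
    """Return ({file: timestamp to restore or None}, earliest suspicious timestamp)."""
    plan = {}
    first_bad = None
    for name, versions in history.items():
        plan[name] = last_good_version(name, versions)
        for stamp, data in versions:
            if looks_encrypted(name, data) and (first_bad is None or stamp < first_bad):
                first_bad = stamp
    return plan, first_bad


def _fake_ciphertext(seed, size=4096):
    """Constructed stand-in for an encrypted file: deterministic near-random bytes."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32))
    return b"".join(blocks)


# Constructed sample history: ISO dates sort correctly as plain strings.
SAMPLE_HISTORY = {
    "taxes.pdf": [
        ("2015-01-02", b"%PDF-1.4 first draft"),
        ("2015-01-05", b"%PDF-1.4 final copy"),
        ("2015-01-08", _fake_ciphertext(b"taxes")),
    ],
    "notes.txt": [
        ("2015-01-03", b"Meeting notes: call the bank on Monday.\n" * 100),
        ("2015-01-08", _fake_ciphertext(b"notes")),
    ],
    # First backed up only after the infection, so there is nothing to roll back to.
    "photo.jpg": [
        ("2015-01-08", _fake_ciphertext(b"photo")),
    ],
}

if __name__ == "__main__":
    plan, incident = restore_plan(SAMPLE_HISTORY)
    print("first suspicious backup:", incident)
    for name, stamp in plan.items():
        print(name, "->", stamp or "no clean version stored")
```

The `photo.jpg` case shows the limit of versioning: a file that was never backed up before the infection has no clean version to return to.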

- Collapse -
A System Encrypted By "Ransomware" Cannot Be Undone
Jan 9, 2015 2:29PM PST
Real ransomware is not just a virus or trojan that can be rooted out. Any "ransomware" that can be undone by a virus scanner or malware remover is posing as a threat and is not the real deal. A virus can deliver the script but the virus is not the problem, it is the script that you unknowingly allow the malware to run.
The true ransom lock is where your files are encrypted using the built-in encryption capabilities that are present in a Windows OS or other OS with encryption capability and are often used in enterprise settings. Encryption is NOT a virus and file encryption is a legitimate security tool that is used in very secure networks. You have to turn the feature on and generate a secure key that you then record and put in a safe place. The only way to recover from unintended encryption on your existing installation is to restore from a secure backup or possess the full encryption key. No virus scanner or anti-malware program can unencrypt your files. If they are truly locked, you need the long encryption key (pay the ransom) or you need to be able to restore your system from a previous backup that is not encrypted.

You DO NOT have enough computing power to hack an encryption key and thus the real ransomware (Cryptolocker and variants) cannot be undone without paying. I don't recommend ever paying but if you do not have a secure backup, you are out of luck.

Many of these programs have a countdown timer that will increase the cost of getting the key as time passes. At the end of the ransom period (usually a number of days) the key is discarded by the villain and you are permanently out of luck. Many are now requiring payment by Bitcoin, which further complicates issues.

If something happens and you are networked or have attached devices, IMMEDIATELY turn your system off! JUST PULL THE PLUG! It may be too late for your files but you don't want to spread it to attached drives or your network where it could encrypt files on shared drives or other systems. Don't reconnect to a network until your machine has been restored to its unencrypted state and cleaned of all malware.

One thing that you can do to reduce vulnerability is to set your default browser to Chrome or Firefox. Internet Explorer (all versions) is tightly integrated with the OS and is the easiest way to get at the Windows subsystems to turn the encryption on. Chrome and Firefox operate on a more isolated basis so you can reduce the exposure some by setting either of these to the default for opening hyperlinks. Browser plug-ins may be useful tools but plug-ins will also reduce your browser safety, regardless of the browser.

Another thing that you need to do is make sure that you do not turn off the User Account Control (UAC). Turning off the UAC is simply inviting trouble because you have completely removed the warnings of last resort that could possibly warn you of pending efforts to mess with your system.

Smart viruses and malware will attempt to shut down the UAC, disable your antivirus, delete system restore points and then deliver the script that will simply walk into your data and turn on the encryption. The key is forwarded to the thieves and the message displayed on your machine that you are toast.

There are some well meaning responses to the original question but unfortunately, many do not seem to understand the threat that an encryption attack presents. Once you have been encrypted, it's game over for your files.

Heed the warnings: Don't open unknown attachments; don't poke around in nasty websites and don't just click on any popups.
- Collapse -
I beg to differ..
Jan 11, 2015 1:28PM PST

everything you say is correct except that not all cryptolocker infections are equal. Some of them use weak encryption, and there are sites out there like Windows Secrets that lead to methods to decrypt the files should a victim be so lucky. However any machine such as this should be immediately shut down and removed from the network until the victim can research such solutions on a completely other uninfected machine.

I would never rely on such luck, as I'm sure you would not either. Storing a safe backup away from the computer and network is the only real insurance; and no restoring until the infection is completely removed.

I also posted a link to the developer that made Crypto Prevent, which is totally free for private users.

- Collapse -
i wouldn't pay for ransom...
Jan 9, 2015 3:57PM PST

I know that first it hurts to not be able to see and use information that you used to see and use. I've had that experience through the loss of my cell phone. I WAS VERY UPSET ABOUT IT...but I was at least VERY HAPPY THAT I HAD SETUP THE LOCKOUT FEATURES on it. OTHERWISE I WOULD BE MORE THAN VERY UPSET about losing that info...after a couple of months went by I stopped feeling the way I was feeling when I first lost it... so I'm thinking that if your computer becomes taken over for ransom that same thing will happen. AT FIRST YOU'LL BE VERY UPSET ABOUT IT FOR A FEW DAYS OR WEEKS but as more time goes by you'll start feeling better...so you should not pay to get your computer back if it's taken over by ransomware, that's what I think...UNLESS YOU HAVE INFORMATION IN IT THAT CAN DO HARM TO YOU AND OTHER PEOPLE...then MAYBE you should worry about it and maybe pay....but if you don't care what that info can do....FORGET ABOUT PAYING FOR IT...

The only bad experiences I've had online are that sometimes I go to a website and then a window pops up saying your java updates are ready....and AFTER clicking install updates...my computer all of a sudden has many more window popups about places that I have shopped at, things that I have bought online and what they suggest I should buy or places that I should be shopping at and it is very annoying...they didn't stop and wouldn't let my computer operate properly. So I re-installed everything and finally everything started to work properly again. Then one day another window saying your java updates are ready to install LOL...I finally learned my lesson and DECIDED to NOT install those updates and my computer is still working fine. So I'm thinking the only way you can be locked out of your computer is if you allow exotic software to install itself into your computer from the internet under the disguise of it being an update to your other software. So for now I've not had any more problems with computer thanks to my ignoring the java updates that every now and then appear in front of me. So I guess what I'm saying is that whenever a popup window appears asking you to install anything, DO NOT ACCEPT. If there is an update available, you go to the website where you can download it and install it from (ex: Microsoft updates website) and not from a popup window. If you don't know where that program update can be downloaded from you can probably google it. Anyway I don't know if my answer to ransomware question will be helpful to anybody but if it is....feel free to let me know....Good luck to y'all...

- Collapse -
Backup daily
Jan 9, 2015 4:03PM PST

I use Norton Ghost 15 auto backup at 7.00am every day on an external disk. Ok, so I might lose the occasional e-mail or other unwanted junk in my Inbox, who cares, but I can boot up from the Ghost bootup disk and restore my puter to sanity. I do also use Malwarebytes once a week....just in case!

I am still using XP which I religiously protect from the uninformed, unwashed, uncouth, ugly and unwanted idiots who have nothing better to do in their lives except anonymously messing up others' computer systems. Such masked cowards. Get a REAL job.

JE SUIS CHARLIE....they contributed by satire to the welfare of everyone in a fun way rather than the IQ0`s that infest the internet to whom I would say `go forth and multiply eternally`...go work it out!

- Collapse -
Just Two Things:
Jan 9, 2015 4:04PM PST
- Collapse -
Worried about these links
Jan 9, 2015 10:00PM PST

mchainmchain, I thought I would read about what you put here. I clicked on the first link and it was VERY SLOW to load. Bogged down my whole computer. Actually had me worried it was a trojan that might be doing some kind of encrypter. Has anyone else had any problems with this link? I didn't bother trying the second link.

- Collapse -
Sorry you've got issues with your browser or connection
Jan 10, 2015 9:41AM PST

QuiGonJohn,

The first thing that CryptoPrevent does is protect you against ransomware by blocking all actions it needs to run successfully and install on your system. Once it runs successfully on your system, you've got a problem.

It does this by setting system-wide policies used by IT professionals in corporate domain environments and also uses a definition-based protection against the newest and latest ransomware.

Try using another browser other than Internet Explorer, if that is what you were using, to view and download the CryptoPrevent software.

Seems as if everyone else is just complaining about ransomware, and the disastrous effects of it, rather than proactively doing something about it. You never know when or where you will run into one of these variants, and one's a/v protection may or may not block or catch it when it arrives.

The title of this discussion is: "Ransomware: How do you prevent it from happening?"

These two solutions used together will prevent a ransomware variant threat from installing. It won't prevent that threat from coming to your door, but it will block the threat from installing.

If it can't install, you've successfully prevented the threat.

Better link for Sandboxie is here: http://www.sandboxie.com/index.php?HowItWorks
and here for the free version: http://www.sandboxie.com/index.php?DownloadSandboxie

Sandboxie can run your browsers, word processing programs, notepad, and any other program you can think of in a protected and system-isolated mode. Any changes in there can be trivially tossed by deleting the sandbox where all your data resides, or, you can save those changes if you wish.

If you don't want to run Sandboxie, then there's this: http://www.malwarebytes.org/antiexploit/
It is available in free or paid versions. It, too, works by blocking the threat(s).

Don't understand why two (so far) thumbs down have been posted other than others may not understand or trust what help I am providing here. As I said, the user that does not know is the weakest link in security.

Always best to be prepared.

- Collapse -
Strange then
Jan 10, 2015 11:10AM PST

It's just once I clicked the first link, for the CryptoPrevent to open in a new tab, my whole computer bogged down to a crawl. When I finally was able to close that tab, the computer was opening web pages at normal speeds. I did scans with MSE and MBAM after, just to be sure. I also booted to ERD Commander and cleaned out all temp file locations, as well as some folders left from things I know I deleted some time ago, such as LogMeIn.

- Collapse -
Strange?
Jan 10, 2015 12:54PM PST

Not really. Any site, even reputable ones such as FoolishIT (CryptoPrevent) can be compromised, at any moment in time. They can serve malware of different sorts, from adware to malicious worms and rootkits. And you wouldn't know before you went there beforehand. And it happens all the time.

It was fine yesterday, why did this happen to me? It is because the active criminals out there want to monetize all malware attacks in any way they can and not get caught doing it. So, here the easiest victim to victimize is the average home user and ransomware is one of the best ways of doing that.

I'm not saying the FoolishIT site was in fact compromised at the moment you visited it, but it is possible it was, for a short time. With the owner of the site being as smart and resourceful as he is, it would not be compromised for long. It is a good site and offers exactly what you need for protection against all versions of ransomware, even the newest versions.

You've taken the proper precautions by clearing your temp files and you can use this: http://www.piriform.com/ccleaner
to fully remove any other temp files from your system. For the average user, it is not surprising to see it remove over 2-3 GB of temp files in one fell swoop. I'd only leave the temp file remover checked to be active once in a great while (annually) just to keep control of disk hard drive used space when needed.

If you saw the same browser behavior when running it under the protective auspices of Sandboxie, all you would need to do would be to delete the sandbox by right-clicking the sandboxie icon in system tray, selecting "Delete contents" and only 1-3 seconds later your browser would close and it would then recover on next use unchanged and unharmed. It will not hang and you will not have a heart attack during the hang or after.

Ask, and I will tell you what else is needed to protect your system from ransomware. Prevention is key.

- Collapse -
I posted the same link..
Jan 11, 2015 1:36PM PST

and had no trouble with it. I can't blame folks for wondering what is going on with the crazy URL the developer picked, but it is legitimate. Folks can also go to Wilder's Security Forums, or bleeping computer to look for the same download or link.

- Collapse -
Glad you did
Jan 12, 2015 3:38PM PST

Update:

"The VM checker code, in the first stage of CryptoWall's dropper sequence, checks the system for running processes, searching for VMware and VirtualBox services or the Sandboxie application partitioning library. If the coast is clear, the code does some best practices-based memory handling to release memory used in the initial drop mode, then launches another dropper disguised as a Windows Explorer process."

CryptoWall is the latest variant of ransomware, effectively replacing CryptoLocker, which was brought down by the DOJ in June of 2014. It looks for a Virtual Machine or variants of virtual machines or Sandboxie and aborts installation if it finds either of them running on a system.

More here: http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition/
Full details of how it works can be found in the above article.

- Collapse -
Yes, and...
Jul 1, 2015 12:31PM PDT

Some of the people I know are getting hit with earlier variants that aren't as sophisticated, so I always suggest if they are adamant not to pay the blackmail; that they can at least hope they didn't get hit by the latest versions. It can't hurt to try the decryption solutions as long as you are already dedicated to a destroyed file system. Believe it or not, some of the crooks are dumb enough to put the password to the decryption on a notepad in the files. This can be seen by Linux CD in the PE environment. This makes getting it back pretty simple for an IT tech. It is the same file the crook uses to decrypt the infection obviously. (in those variants)

- Collapse -
Ransomware
Jan 9, 2015 4:06PM PST

I've had NSA - FBI ransomware try this on me in the past. I simply turned off modem, logged off, signed back in, ran MalwareBytes {premium} Glarys Utility, opened Avast {Internet Security} and blocked the site on Site blocker. Avast free version also has a site block; I simply prefer the paid versions of both MBAM and Avast. Also NEVER EVER click the X on a popup, the whole page is probably an acceptance.

- Collapse -
I wouldn't pay up...
Jan 9, 2015 4:26PM PST

I do computer repair and have come across numerous PC's with this problem where someone has installed something and next thing they know the entire computer is locked, no access to data, and there are threats that the data has been encrypted and will be lost for good if you don't pay up and it will delete the data if you try and get access to it.

Ok let's take this "threat" more seriously - most of the time these malware threats that your data has been encrypted are just absolute rubbish. For a virus to encrypt your data if you have quite a large hard drive with a lot of data on it, it would need to sit there for a good few hours encrypting all that data (by which time you would have probably switched the machine off!).

There are a few programs out there that do encrypt your data, but the majority just put a simple lock on your system by overlaying the desktop with their own screen and disabling task manager so you can't get in and close software down, some go as far as also infiltrating safe mode too (kind of easy if they infect the explorer program - as most of windows is just explorer running in different modes - you'd think Microsoft would well and truly protect the Explorer program from any unauthorised changes and even authorised ones get the end user to authorise the change - but they don't!)

There are a number of ways to get your data back, but most of the time the worst way of trying to get your data back is to call up these people and pay up - chances are even when you've paid them they're not going to give you your data back, or they're going to do a runner with your credit card number and go on a spending spree before the card gets cancelled - think about it - the people doing this are criminals - it's like when you see on these films someone is kidnapped and the person pays the money to get the person back, the kidnapper normally takes the money and runs and leaves the person still in a position that they don't get the person back.

The easiest way normally to retrieve your data if you do get ransomware though is to go onto the internet and download an ISO file called Puppy Linux (http://www.puppylinux.org), when you burn the ISO to a CD you can then boot that CD on the infected PC - if you get the CD to boot (you might need to change the BIOS boot priority to the CD drive rather than the hard drive - this differs on each computer, sometimes F12 allows you to alter boot priority).

This will load up a basic version of Linux, this is superb for retrieving all sorts. You should have some hard disk icons in the bottom left corner of the screen in Linux - they won't be called the normal Windows names of C: D: E: etc as Linux doesn't use these names - instead it uses names like SDA1, SDA2, SDB1, SDB2, etc - don't really worry too much about that though, just find the one with either a "Documents and Settings" (XP) folder or "Users" (Vista, 7, 8, 8.1) in it, you might find you've got a few hard drives to choose from, the others might contain things like Recovery or something - don't worry about them - in Windows those drives are hidden, but in Linux they show up.

If you copy the entire Users or Documents and Settings folder to a removable hard drive then that will copy all your data. As long as the virus didn't encrypt it (which is highly unlikely) then you should be able to retrieve all your data from that - inside the users or documents and settings folder you should find separate folders, one for each user on the system and one for All Users and Default User, inside the various users folders you should then find all the documents/pictures/music folders, if you use e-mail through POP3 and not IMAP then you'll need to find the profile files - these can be a bit tricky as they're normally submerged in the Application Data or Local Settings folder, and as of Vista they're in the Roaming folder under either Microsoft, Outlook or Thunderbird depending on which e-mail software you use - web-based e-mail is stored on the web and IMAP e-mail is also stored on the web too.

Some viruses do change the permissions of folders to deny anyone access to read the folder - thankfully though the Windows folder lock is very basic and Linux ignores it.

One of the easiest ways to keep yourself safe from this type of attack is to always back up your data - of course with the amount of data people store and produce now this is easier said than done, and try and keep your backups on a different operating system - programs are written for a specific system, so if you've got a Windows system and a Linux system creating the backup then if you end up with ransomware on the Windows system, even if it gets copied to the backup it's pretty dead on the Linux system 'cos Linux can't do anything with it.

- Collapse -
forgot to mention....
Jan 9, 2015 4:32PM PST

I forgot to mention in the bit about copying the documents and settings/users folder - if you're using any operating system beyond XP it is important that you copy the Users folder, only copy Documents and Settings if you're using XP. In all operating systems beyond XP there is a file called Documents and Settings but this is just a legacy link file, and copying that will not copy your data.

- Collapse -
puppy
Jan 10, 2015 5:05AM PST

I managed to locate the download and create an iso disk. It took quite a while to wade through everything to do this. I booted up a test computer and was successful at copying files from it to a flash drive. This should be very useful in dealing with the next person I have to bail out who arrives with a ransomware locked computer but has no backup.

I was surprised to read in your post that you didn't think that the virus would encrypt the Users folders' contents. I'd thought that was the objective of the ransomware.

If one or more of the user files were encrypted by the malware and I copied them back to another computer, would there be an infection risk or would I just not be able to open the files?

- Collapse -
(NT) If you're lucky he's right..
Jan 11, 2015 1:41PM PST
- Collapse -
Ransomware
Jan 9, 2015 9:36PM PST

This is what I do to protect my computer....

I have Frontier Secure as my provider.
Every day I run the short scan then run the long scan on my computer.
It takes 15 min of my time and I can walk away from it if I want.
At the end my computer is safe from all viruses.
You can schedule the times if you want, but that means your computer needs to be turned off.
Anyway, it's short and sweet, but at the end you have a clear mind.

Joe DiBenedetto

- Collapse -
Don't Pay
Jan 9, 2015 9:49PM PST

First of all, the Russians only care about getting your money, not fixing your problem. Avoiding porn sites won't stop you from getting these viruses. The thugs want maximum exposure, so they put them on POPULAR sites that have poor protection, especially celebrity sites.

- Collapse -
Please no rants on macs or linux
Jan 9, 2015 10:18PM PST

But I've read through this whole thread and don't see a single report of the encryption happening on a mac or linux box. Are there reports out there that just haven't made it here, or is there really nothing out there - or is there something in the mac system that prevents it from happening? I'm asking seriously.

I do a lot of computer support at a retirement community and often find the fbi and java-update infestations and clean them up and install malwarebytes, etc. (interestingly, I thought Windows 8 was supposed to be more secure than earlier versions, but I see the malware there too) But apart from one encounter with genio, I haven't found problems with macs - and I would say that roughly half the machines I look at ARE macs.

- Collapse -
Just as an aside
Jan 9, 2015 10:40PM PST

Has anyone else noticed that most of the time, System Restore on Windows 8 is VERY SLOW, compared to Windows 7. Something I find quite odd, since most everything else Windows 8 does is noticeably faster than Windows 7.

- Collapse -
Where are your backups?
Jan 9, 2015 10:45PM PST

Just backing up to another disk on your system or network might not be enough, as these files can be encrypted by the bad guys as well. The cloud might be a safer place, but I recommend that you encrypt files before storing them there.

- Collapse -
Get a good popup blocker.
Jan 9, 2015 11:02PM PST

I use Microsoft Security Essentials & Malwarebytes Anti-Malware. On top of them I have Adblock pro And Ghostery And Wot on my web browser. I download a lot of test programs. Very rarely do I get anything. When I do get something, I get into safe mode, run anti-virus programs.
NEVER pay anything, if they get your card number, they will wipe it clean.

- Collapse -
Malware
Jan 9, 2015 11:41PM PST

You can't 100 % protect your Windows system from getting infected.

There are steps you can take to help reduce the chance of getting infected.
Most of those steps require an advanced user.

Most Malware gets installed from bad web sites or from Legit infected web pages.
Next you have clicking links in emails that take you to infected web pages
Then you have the attached files from emails that are infected.

The best you can do is to reduce your chance of getting infected.

If you get infected do you Pay?
No!
If everyone stopped "Paying" then they would stop making them because it would not pay them to.
Depending on which version of ransomware you have there may be ways to recover your information.