Microsoft Malware Protection Center answers questions about ransomware

Laurent Giret

As the Windows operating system currently claims an 88.77% desktop operating system market share (via NetMarketShare), Microsoft obviously has to take malware protection very seriously. This week, a new blog post by the Microsoft Malware Protection Center explains how users can protect themselves against ransomware.

“For the past three months, we have seen ransomware hop its way across the globe. The majority of the ransomware incidents are found in the United States, then Italy, and Canada,” according to the company. If you’re not familiar with it, ransomware is a specific type of malware that stealthily gets installed on your PC (or mobile device) and then holds your files or operating system functions for ransom. However, paying that ransom (either via credit card or Bitcoins) may not give you back complete access to your machine and data, as you still have to make sure that the malware has been removed from your machine. As ransomware can have dramatic consequences, Microsoft is on a mission to better educate users about this evolving threat:

Ransomware can take your hard-earned money in exchange for the stuff you already own – your data or files!! Exxroute ransomware, for example, demands $500 and doubles the ransom as you delay the payment. It also starts deleting your files if you delay the payment.

It can also violate your privacy, disrupt your work or personal life, and possibly harm your reputation.
If the ransomware perpetrators are cashing in on people’s ignorance, then educating yourself about it can help disrupt their business.

A ransomware timeline.

To help users avoid ransomware attacks, Microsoft has shared a few prevention measures that you can see below:

  • Keep your operating system and antivirus solution up-to-date.
  • Beware of phishing emails, spam, and clicking malicious attachments.
  • Regularly back up your files in external storage or in the cloud.
  • Disable the loading of macros in your Office programs.
  • Disable your Remote Desktop feature whenever possible.
  • Use two-factor authentication.
  • Use a safe and password-protected internet connection.
  • Avoid browsing web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.).

For Windows 8.1 and Windows 10 users specifically, the Microsoft Malware Protection Center is also recommending the following measures:

  • Enable Microsoft Active Protection Service (MAPS) to get the latest cloud-based ransomware detection and blocking.
  • Enable file history or system protection. In your Windows 10 or Windows 8.1 devices, you must have your file history enabled and you have to set up a drive for file history.
  • On Windows 10, use Microsoft Edge to get SmartScreen protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
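Several of the settings in the two lists above can be checked from PowerShell. The following read-only audit is an added example, not part of Microsoft's post; it assumes Windows Defender is the active antivirus and Office 2016 or later (registry version key "16.0"), and the 3-day signature age limit is this example's own choice.

```powershell
# Added example: read-only audit of settings named in the lists above.
# Assumes Windows Defender is the active antivirus and Office 2016 or later
# (registry version key "16.0"). Run elevated so shadow copies can be listed.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null instead of throwing when the key or value is absent.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}

function New-Check($Name, $Value, [bool]$Ok) {
    [pscustomobject]@{ Check = $Name; Value = $Value; OK = $Ok }
}

$report = @()

# MAPS membership: 0 = disabled, 1 = basic, 2 = advanced.
$pref = Get-MpPreference -ErrorAction SilentlyContinue
$maps = if ($pref) { $pref.MAPSReporting }
$report += New-Check 'MAPS enabled' $maps ($maps -in 1, 2)

# Antivirus definitions age in days; the 3-day limit is this example's choice.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
$age = if ($status) { $status.AntivirusSignatureAge }
$report += New-Check 'AV signature age (days)' $age ($null -ne $age -and $age -le 3)

# Remote Desktop: fDenyTSConnections = 1 means incoming RDP is refused.
$rdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$report += New-Check 'Remote Desktop disabled' $rdp ($rdp -eq 1)

# Office macros: VBAWarnings 1 = enable all (risky), 2/3/4 = disabled variants.
# A policy value overrides the per-user value; absent means the Office default
# (disabled with notification).
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $v = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    if ($null -eq $v) {
        $v = Get-RegValue "HKCU:\Software\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    }
    $report += New-Check "$app macros not auto-enabled" $v ($v -ne 1)
}

# "Restore previous versions" depends on volume shadow copies existing.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
$report += New-Check 'Shadow copies present' $shadows.Count ($shadows.Count -gt 0)

$report | Format-Table -AutoSize
```

Any row with OK = False points at a setting to review; the script changes nothing on the machine.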

If you’ve been hit by a ransomware attack, Microsoft also explains how you can (in some cases) recover access to your backed-up files using either the File History feature in Windows 10 and Windows 8.1 devices or the System protection feature in Windows 7 and Windows Vista devices:

In Windows 10 and Windows 8.1:

  • Swipe in from the right edge of the screen, tap Search (or if you’re using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search). Enter “restore your files” in the search box, and then tap or click Restore your files with File History.
  • Enter the name of the file you’re looking for in the search box, or use the left and right arrows to browse through different versions of your folders and files.
  • Select what you want to restore to its original location, and then tap or click the Restore button. If you want to restore your files onto a different location than the original, press and hold, or right-click the Restore button, tap or click Restore To, and then choose a new location.

In Windows 7 and Windows Vista:

  • Right-click the file or folder, and then click Restore previous versions. You’ll see a list of available previous versions of the file or folder. The list will include files saved on a backup (if you’re using Windows Backup to back up your files) as well as restore points. Note: To restore a previous version of a file or folder that’s included in a library, right-click the file or folder in the location where it’s saved, rather than in the library. For example, to restore a previous version of a picture that’s included in the Pictures library but is stored in the My Pictures folder, right-click the My Pictures folder, and then click Restore previous versions. For more information about libraries, see Include folders in a library.
  • Before restoring a previous version of a file or folder, select the previous version, and then click Open to view it to make sure it’s the version you want. Note: You can’t open or copy previous versions of files that were created by Windows Backup, but you can restore them.
  • To restore a previous version, select the previous version, and then click Restore.

However, be aware that some ransomware may be able to encrypt or delete the backup versions, preventing you from running through the previous steps. In that specific case, you may still get your files back if you previously backed them up to external drives or to either OneDrive for consumer or OneDrive for business. If you want to get more details about ransomware, we strongly encourage you to read the full post over here. Let us know in the comments if you have already been hit by a malware or ransomware attack.