How to stop ransomware

Stop ransomware in its tracks, and rescue your files if your PC has already been infected

How to stop ransomware

Ransomware – software that encrypts your files or locks your screen until you pay its creators a fee – is no longer the preserve of malicious coders. Virus-writers are now offering their creations for sale on the black market for less tech-savvy criminals to distribute, in return for a slice of the profits.

This new tactic means ransomware is spreading faster than ever, and criminals are becoming more inventive with their tactics – one of the latest examples of the type masquerades as a Pokémon Go app for Windows.

As with all forms of malware, prevention from ransomware is better than cure: only download software from trusted sources, don't open unexpected email attachments, question any new programs you don't remember downloading, and remember that if something sounds too good to be true, it almost certainly is.

However, it's not always possible to stop stealthy ransomware attacks – sometimes all it takes is visiting a website that's been compromised – but there are measures you can take to prevent infections, and to deal with any that slip through the net.

AOMEI Backupper

Regular backups are en essential part of protecting your data, and free system utility AOMEI Backupper makes the process quick and painless

1. Back up your files and make a rescue disc

You should already be making regular backups of your data – not only as protection from ransomware and viruses, but also from file corruption, disk damage, and theft or loss of your machine. It might seem like a hassle, but it doesn't have to be.

AOMEI Backupper is a free tool that takes the fuss out of this essential part of PC housekeeping. AOMEI makes it simple to back up your whole system, a drive, a partition or individual files, and restore them in minutes. You can also clone one drive to another with a few clicks, and make bootable rescue media for emergencies like a ransomware infection.

Also make sure you have the latest updates for all your software, to patch any newly discovered vulnerabilities. Check your Windows settings to ensure you receive automatic updates, and install Secunia Personal Software Inspector to identify software in need of patching. The first time you run Secunia PSI it will prompt you to install Microsoft Update; you can ignore this if you're running Windows 8, 8.1 or 10.

Secunia Personal Software Inspector

Ransomware can exploit vulnerabilities in your operating system and other software. Ensure your apps are up to date using Secunia Personal Software Inspector - available to download free

2. Boost your PC security

An online security tool is essential to stop ransomware infections, but bear in mind that some are more comprehensive than others. Avira Free Antivirus is our weapon of choice, and Avast Free Antivirus also offers particularly good protection against ransomware.

Premium security suites often include additional measures that can stop web pages containing malicious software like ransomware from even loading. Thanks to generous trial periods, it's possible to get a year of premium antivirus protection completely free, so this option is well worth investigating.

Security stalwart Malwarebytes is working on a tool specifically designed to stop ransomware, and you can try it for free before it's rolled into the company's premium security suite. It's still in beta, so it's not perfect, but it provides an extra layer of security on top of your existing antivirus.

MalwareByte Anti Ransomware

The security experts at Malwarebytes are developing a dedicated anti-ransomware tool. It's still in beta, but adds an extra layer of protection on top of your regular antivirus program

3. Unlock your files if your PC is infected

If you're unfortunate enough to fall victim to a ransomware attack, your immediate instinct might be to pay the fine and get everything back working as soon as you can. Most ransomware creators will indeed unlock your files once you've opened your wallet, but there's no guarantee.

If your screen is locked by ransomware, try inserting your Windows disc, then rebooting your PC. The machine should boot from the disc rather than your hard drive (if not, press [F8] before Windows loads and use the BIOS menu to change the boot order), and you'll be given the option to repair or reinstall the operating system.

Alternatively, you can use the Advanced Boot Options menu (again via the BIOS) to access Windows System Restore, to restore your PC to a point before it became infected.

Restoring or repairing your system should remove ransomware, but your files may still be encrypted – or even deleted. That isn't a problem if you've been making regular backups though, and AOMEI Backupper will enable you to restore them.


Cat is TechRadar's downloads editor. She's been a tech journalist for six years on magazines including PC Plus, Official Windows, PC Format and Windows: Help & Advice (with a brief stint in PR for the nuclear industry in between). If you have a question about software, drop her a line!