The best ransomware protection software will be able to prevent ransomware (and other rogue software) not just infecting your computers, but also stop it from being able to change your files and folders, either locally or in the cloud.
Ransomware protection has become increasingly necessary as cybersecurity risks increase. This is especially because if you do suffer from a successful ransomware attack, it can be very difficult to remove.
While there are tools available that will aim to help reverse a ransomware attack, the best defense is to avoid being infected by ransomware in the first place.
Most of the best antivirus software and anti-malware software will have protections against ransomware built in, so we've featured these at the top of our list - after all, prevention is better than treatment.
On top of this, for ordinary users backing up their most import files offline or online through a cloud storage solution, chances are they can recover them if you access them from a different machine.
Mitigate your ransomware risks with free Backblaze unlimited cloud backup
ExpressVPN, TechRadar's #1 VPN provider, is offering free unlimited cloud backup courtesy of Backblaze for a whole year when you sign up for an annual VPN subscription. Storing your files securely in the cloud can help you recover after a ransomware infection while using a VPN can help keep your devices protected online.View Deal
For businesses, really it's long past time to have a full disaster recovery software platform in place, to ensure that - should a ransomware attack get past your existing endpoint security - you can at least recover everything you need from a recent or even real-time backup.
Altogether, ransomware remains bad news and its likely to become worse, and while we've tried to list the best tools for removing it, do be aware that they have limitations and that prevention is the much better strategy.
Here then are the best ransomware protection software platforms currently available.
- We've also featured the best online cybersecurity courses.
Get a 50-60% discount on Bitdefender Antivirus Plus
TechRadar's #1 rated antivirus in a world packed with loads of virus protection providers, and doesn't even cost that much more than free antivirus downloads.
One at any rankings of big independent antivirus, and you’ll see that Bitdefender's premium security products always rise to the top.
Bidefender Antivirus Plus is reliable and accurate in its virus detecting, boasting web and URL filtering to block access to malicious sites, as well as a secure browser that keeps your online banking and shopping transactions safe. Plus, there's a password manager which auto-completes credit card details in web forms. It also scores high for its excellent anti-phishing module, which alerts you to malicious links in your search engine results and blocks access to dangerous sites.
That’s not all: of course, there's also the multi-layer ransomware protection that heuristically learns the behavior of such threats to keep you safe as well as the ability to scan all your linked devices via the Bitdefender Central mobile app.
There are one or two issues – it grabs more resources than average, and might conflict with some programs – but Bitdefender Antivirus Plus is still a likeable package which offers excellent detection rates, great performance, and more than enough bonus features to justify the price.
Bitdefender Internet Security builds on AVP and triples the number of devices covered plus offers anti-spam, firewall, parental advisor and file encryption features.
For a little bit more you can purchase the Bitdefender Total Security edition. It adds all of the above and covers up to five PCs, Macs, Android and iOS devices.
- Read our full Bitdefender Antivirus Plus review.
If you're looking for ransomware protection that keeps quiet and won't disturb your work, be warned – AVG Antivirus Free is quite vocal with its notifications, and irks us from time to time with pop-ups telling us we've done something fantastic with regard to our online security.
As a ransomware shield and anti-malware app, though, it's very good. The dashboard is user-friendly, there's protection not just from downloadable threats, but from dodgy links too, and you can use your mobile to scan your PC remotely, which is pretty clever.
Although the free version offers basic antivirus protection, you really need to upgrade to the paid version to get the full-featured protection against ransomware, as well as additional security software protections such as data encryption options as well as a firewall.
- Read our full AVG Antivirus Free review.
Avast Antivirus is one of the most competent internet protection suites out there. While the company is famous for providing free antivirus software, it's worth noting that this now comes bundled with an anti-malware feature that uses behavioral monitoring to spot rogue programs.
What's even better is that not only are Avast's basic products free, but they are also available for mobile devices as well as for desktops, which makes Avast a particular ideal choice if you have multiple devices you need to check.
Even better is that ransomware protection is included in the free version of the Avast Antivirus platform, so you don't even need to pay to upgrade for this, though additional security features are available if you do.
For business users, there are paid-for internet security options to cover a range of needs and options.
- Read our full Avast Antivirus review.
Just about every antivirus tool claims to be ‘lightweight’, but Webroot Antivirus is really the only one to deliver on this front. Installation takes seconds, the program files barely use 2MB of your hard drive, RAM footprint is tiny, and there are no bulky signature updates to tie up your bandwidth.
Considering this, there's no compromise on features, which makes it all the more impressive. Along with the core protection, there's smart behavior monitoring, accurate real-time anti-phishing, a firewall and network connection monitor, enhanced anti-ransomware, and other interesting bonuses.
It's not easy to compare Webroot's accuracy with the competition, as the big testing labs rarely evaluate the company's products. However, when they are reviewed, they generally score high, and our own tests show solid and reliable protection.
Features include always-on security, identity protection, real-time anti-phishing, firewall monitor.
- Read our full Webroot Antivirus review.
If you judge antivirus software on the length of its feature list, ESET NOD32 Antivirus might be a bit of a disappointment. There’s no firewall, password manager, file shredder, vulnerability scanner or any of the bundled bonuses you'll often find in its rivals.
This doesn't mean the package is short on power, however. It's just more focused on the fundamentals. ESET NOD32 Antivirus comes with real-time malware protection, some of the best heuristic detection around, an anti-ransomware layer, exploit protection, URL filtering to block malicious websites, and modules to prevent attacks using PowerShell and malicious scripts.
A Device Control module limits the risk of infection from other devices by controlling access to USB sticks, external hard drives, optical storage media, even devices connecting by Bluetooth and FireWire. It's an unusual addition, but could make a difference if others are regularly plugging devices into your PC.
Just bear in mind that ESET NOD32 Antivirus isn't aimed at beginners. The interface is clumsy sometimes, some features are very advanced, and even the Help isn't always helpful.
Experienced users will appreciate ESET’s power and configurability, however. Above-average protection does a good job of keeping you safe, and a lightweight design ensures the package won't slow you down.
ESET Internet Security builds on NOD 32 and triples the number of devices covered plus offers firewall, botnet protection, webcam protection, antispam and more. Alternatively, you can purchase the ESET Smart Security Premium edition for not much more. It adds all of the above as well as password management and secure data.
- Read our full ESET NOD32 Antivirus review.
Best ransomware removal software
The best malware removal software available right now is: Malwarebytes Premium
If you're suffering from a malware infection and free software isn't getting the job done, Malwarebytes Premium could be the silver bullet you need. It uses heuristic analysis to identify new strains of malware, cleans up existing infections, helps protect you from phishing scams, and helps stop you downloading further malicious software in the future, including ransomware.
If you have a ransomware infection, Malwarebytes Anti-Malware should be your first port of call. It’s updated daily, so you can trust it to identify and remove new threats the minute they appear.
The first time you install Malwarebytes Anti-Malware, you’re given a 14-day trial of the premium edition, which includes preventative tools like real-time scanning and specific protection from ransomware. After two weeks, it reverts to the basic free version. This has to be activated manually, but is still a top-notch security tool. We recommend running it at least once a week to check or any nasties that you haven't noticed, or if you notice that your web browser has suddenly started acting strangely (likely a result of adware).
Recently, Malwarebytes bought Adwcleaner, which – as its name suggests – targets and removes annoying programs that hijack your browser by changing your homepage, resetting your default search engine, or adding unwanted toolbars. It’s also available free, and along with Anti-Malware, is a great addition to your security toolkit.
- Read our full Malwarebytes Anti-Malware review.
Not all ransomware encrypts data in the same way, so security software providers have to create specific solutions as new threats emerge. At the time of writing, the security experts at Avast have developed Free Ransomware Decryption Tools to tackle 21 different strains of file-locking ransomware.
To help you work out which one you need, Avast has provided a detailed description of how each form of ransomware works, what extension you’ll see on the encrypted files, and an example of the type of message the virus creators have prepared for their victims.
Once you’ve downloaded the appropriate tool, it will guide you through the process of wiping out the ransomware without paying the criminals. You’ll need to provide two versions of the same file – an encrypted one, and the original.
This will be easiest if you made a backup before the infection, but Avast also suggests locations where you might be able to find unaffected original files. The tool will then compare the two and use the results to determine the password.
Ransomware on your home computer is bad enough, but an infection that locks you out of your business PCs could be an absolute disaster. Your accounts, customer data, client information and work could all be encrypted – and it could affect multiple machines on the same network.
Kaspersky Anti-Ransomware Tool is designed to help small- and medium-sized businesses (SMBs) protect their data from such a catastrophe. Like Bitdefender Anti-Ransomware, it’s a preventative tool designed to prevent infection in the first place rather than decrypt files or unlock your desktop.
Kaspersky Anti-Ransomware Tool runs happily alongside your regular security suite, monitoring network activity for anything that matches known ransomware behavior. Its threat database is stored on Kaspersky’s cloud servers, so updates are pushed out to all users immediately
Ransomware vs Malware, what's the difference
Adam Kujawa, Director of Malwarebytes Labs:
“The term malware, or ‘malicious software,’ is an umbrella term that describes any malicious program or code that is harmful to systems, including ransomware. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning. The motives behind malware vary - it can be about making money off you, sabotaging your ability to get work done, making a political statement, or just bragging rights."
Ransomware, which has been in the news quite a bit in 2021, however has been around in one form or another since the late 80s, is a specific type of malware that prevents users from accessing their system or personal files and demands ransom payment, usually via cryptocurrency or pre-paid money cards, in order to regain access. The most disruptive forms of ransomware are those that steal your data as well as encrypt it, with the attacker demanding payment in order to decrypt the files, and possibly requesting more funds for those same files to not be released publicly. The reason why this type of ransomware is so dangerous is that once the criminals have your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back, or not try to extort you again in the future.”
How to detect ransomware?
We reached out to Jim Bowers, security architect at Technology Brokerage Inc, to find out what his thoughts are about strategies and methods for identifying and detecting ransomware. His answer is below
Ransomware continues to be one of most prevalent cybersecurity attack vectors and it will continue to rise, especially during the pandemic where we’ve seen an 800% increase in ransomware attacks. No organization - no matter the size, industry or net worth - is immune to these types of attacks
With the significant increase in ransomware attacks the last few months, businesses must be prepared to mitigate these attacks. Organizations need to take a layered approach to security to detect attacks ahead of time and protect themselves. A layered approach means implementing various solutions that secure the business at different endpoints. This can include the below elements:
While implementing the above tactics is crucial, there are several other signs to be aware of. Spam and phishing emails can be a quick and cost-effective route for threat actors to gain access to customer or business data. Ensure there is an email verification security system in place to detect these before employees even have a chance to see the email.
Detection systems should be automated to notify necessary teams of a ransomware attack, however there are other signs that a system has been compromised.
Suspicious network communications can be a sign of threat actor's interaction with the ransomware, and suspicious file activity can also be a sign of the ransomware attempting to access files, in an attempt to encrypt or remove data.