Photo via Adikos/Flickr

You’ve probably seen a lot of stories about “ransomware” in the past few days. That’s thanks to a huge, worldwide attack on everyday computer users as well as huge companies and even public service institutions like the UK’s National Health Service.

DO I HAVE IT?! Let’s get this out of the way first: It could only get onto your computer IF you were still running old versions of Windows, especially Windows XP. If you installed your updates like you ALWAYS should, you’re fine.

The attack was a computer virus that installed ransomware on computer systems. It’s called WannaCry, and that’s a fitting name. It seems like everyone is freaking out, and if you’re in the dark it’s hard to know what to make of any of it, so here’s a breakdown on all of it.

What is ransomware?

As the name suggests, ransomware actually holds your computer hostage. Once it’s on your computer, it takes control of your files and folders by encrypting them. By encrypting your computer’s files, it essentially prevents you from being able to use them, usually until you pay a certain amount to the hackers. You know you’ve been hit with ransomware when you see a message like this one, from the WannaCry attack this past week:

If you don’t pay by a certain date and time, the virus locks your files forever, and you’ll lose everything you have on your computer. As if that isn’t bad enough, there’s a good chance that even if you do pay, the virus won’t actually give you your files back. (I guess there’s no honor in hackers these days.)

How do you get it? 

A virus that installs ransomware on your system can get on your computer in many different ways, from opening a sketchy email to downloading a compromised file from a file sharing site. WannaCry was especially powerful because it used an exploit in Microsoft Windows to spread itself through shared files, drop boxes, and connected networks. Basically, if one computer accidentally came in contact with the virus, every computer connected to it was going to end up catching the bug, too.

Microsoft already repaired the gap in its security, but the computers that caught WannaCry hadn’t been updated with the new software yet.

Most computer viruses and ransomware don’t spread so easily, and downloading files from unverified places on the web is still the most likely cause of finding ransomware on your system. You’ve heard the old tip about never downloading attachments or opening files from random people, right? Well, that still holds true today.

How to protect yourself

Now that you know what ransomware is, you obviously want to know how to keep yourself from falling victim. The first tip, as mentioned above, is to use common sense when browsing online or combing through your email. Never download weird files from sites you don’t recognize, and never unzip attachments that end up in your inbox from people you don’t know. Even if you get an email from a name you recognize, don’t click on attachments if you’re not expecting something from them. You can always email or text and ask them if they sent you something. 

Likewise, you should always keep your computer up-to-date with the latest software updates from Microsoft or Apple. The updates might seem annoying at the time, but they often include extremely crucial security tweaks that will keep you safe from attacks just like WannaCry.

Of course, it’s impossible to keep yourself 100% safe online these days unless you just turn your computer off and never use it, but there’s one thing you can do to make sure ransomware can’t actually do any damage at all: back up your files. By making a copy of your files through the Windows backup function (just type “backup” into the Windows start menu and you’ll find the tool in about two seconds), you can save all your files in a place where viruses can’t touch them. All your family photos, tax documents, digital pay stubs, and important emails should be kept on a backup and updated frequently. Then, when you’re done backing up your data, you should always unplug your backup drive from your computer, which will make it impossible for ransomware to lock it down and demand money.

Whatever you do, never pay a ransom if you’re hit with this type of computer virus. Doing so not only encourages hackers to use this technique, but the virus probably won’t unlock your files anyway, because the hackers don’t really care about you; they’re just looking for a quick payday.