Ransomware, as the name suggests, takes your data hostage. It does so by encrypting all personal files it has access to with a digital key. Unless you have the counterpart to decrypt the files, you can only guess what the decryption key is. Usually, the key is very long, has high entropy, and has different security mechanisms built in. So just guessing ("brute forcing") the key might take several thousand years on our current hardware.
Usually, you do not want to wait that long, and you need your data. So you pay the ransom. In exchange you get the decryption key, which you can enter into the ransomware program, and it will (hopefully) decrypt your files and delete itself.
In order to protect yourself, you should (just my recommendations):
- always keep your software up to date. Ideally, use a package manager (I recommend Chocolatey for Windows) and have it run a global update once a day. The most recent ransomware attack could have been prevented that way, since Microsoft had already patched important attack vectors in March!
- do not trust links in emails. Most ransomware infections happen because of emails. If there is a link, hover over it (do not click it!) and take a look at the status bar. Usually it should display the link you are about to open. Is that really the site you want to open? Would you really visit paypal.com.asdfaaa.tk/?mail=your.mail@interwebs.com if you received an email from PayPal asking you to confirm your account data to unlock further payments?
- do not trust email attachments. Only open attachments from known senders that you expected to receive. If in doubt, contact the sender via a different medium (phone, SMS, etc.).
- at the moment, there is a discussion about whether anti-virus software on Windows is good or bad. IMHO, just use Windows Defender and add anti-malware and anti-spyware software to the mix. For Windows, I recommend MalwareBytes and Spybot. Spybot version one even includes a registry monitor, which asks you to confirm questionable registry changes (at least it works well on older Windows versions). It helped me stop quite a few infections on my computers in the past! However, it seems they removed it from version two... If you are on Linux, go for a clean user-rights management. Only use SU when really needed. Configure the firewall to be restrictive and only allow the ports you really need and use. As for AV, you might want to use ClamAV. You can enrich your protection with rkhunter and Tripwire. Have your software do regular system checks (e.g. once a week) and have it scan files on access.
- do backups regularly and store them on an external drive which you keep disconnected except for backup operations.
- have SMB drives always ask for the password on connect and keep them disconnected when they are not needed. Ideally, keep the server itself offline (e.g. turned off) while it is not needed (not always possible).
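
The link check from the list above can also be done mechanically. The following is an added example, not part of the original text: it extracts the hostname a browser would actually connect to and tests whether it is the expected domain or a subdomain of it. The function names and all sample links other than the paypal.com.asdfaaa.tk one are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def link_host(url):
    """Return the lowercased hostname a browser would connect to."""
    if not SCHEME.match(url):
        # Links copied from a mail often lack a scheme; without one,
        # urlsplit() would treat the hostname as part of the path.
        url = "http://" + url
    host = urlsplit(url).hostname  # ignores scheme, port, path and query
    if not host:
        raise ValueError("no hostname in %r" % url)
    return host.rstrip(".").lower()

def belongs_to(url, expected_domain):
    """True only if the link's host is expected_domain or a subdomain of it.

    The domain is read from the right: 'paypal.com.asdfaaa.tk' ends in
    'asdfaaa.tk', so it does not belong to 'paypal.com' even though the
    name starts with it.
    """
    host = link_host(url)
    expected = expected_domain.rstrip(".").lower()
    # The leading dot matters: a plain endswith(expected) would also
    # accept unrelated names such as 'notpaypal.com'.
    return host == expected or host.endswith("." + expected)

def check_links(links, expected_domain):
    """Return (url, real_host, ok) for every link."""
    return [(u, link_host(u), belongs_to(u, expected_domain)) for u in links]

if __name__ == "__main__":
    # Constructed sample links, plus the one from the text above.
    samples = [
        "paypal.com.asdfaaa.tk/?mail=your.mail@interwebs.com",
        "https://www.paypal.com/signin",
        "https://PAYPAL.com./",
        "https://notpaypal.com/",
    ]
    for url, host, ok in check_links(samples, "paypal.com"):
        print("%-8s host=%-24s %s" % ("ok" if ok else "SUSPECT", host, url))
```

The same comparison works in a mail filter or proxy rule: match on the end of the hostname, never on whether the brand name appears somewhere in the URL.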