The concept of holding someone for ransom is familiar to all of us. We’ve all seen the movies — someone gets kidnapped; the kidnappers call with a demand; the hero races to rescue the victim before it’s too late. But these days, a more realistic storyline would be not about holding a person for ransom, but instead about holding someone’s data for ransom.

It’s called ransomware. And it’s a rapidly growing cybersecurity problem you need to be aware of.

How ransomware works

Ransomware is all about taking over your device — usually a computer — and then denying you access to it until you pay the ransom. The original ransomware attacks came via email, with links that would download malware to the computer and then take it hostage.

But while this method is definitely still in use, cyber criminals have expanded to other approaches, including spam advertising, social media messaging, exploiting vulnerable software, and infecting otherwise legitimate websites. This is by no means an exhaustive list, though — the problem with cyber criminals is that they’re constantly coming up with new ways to attack.

One method of attack that’s becoming increasingly popular is phishing. Phishing is when an attacker sends an email disguised to look like it’s coming from someone important in a person’s life, like their boss or their spouse. The emails usually require some kind of urgent action , like sending information or clicking a link.

Once a person clicks on the link or downloads the file or views the infected site, their computer is taken over by malicious software, blocking them from accessing their data. (Another method is a redirect to a “secure” site, where the target voluntarily enters personal information that leads to a device takeover.) They then get message from the attackers, demanding a certain amount of money in order to regain access to their data. Sometimes there will be an additional demand for more money if the criminals don’t get the amount within a certain period of time.

The one thing that all ransomware attacks have in common is that they utilize fear to get you to meet their demands. Fear of losing all of your files — or, perhaps, fear of exposure if some of those files are embarrassing or personal — can make people act quickly and irrationally, just like they do in the movies. But if you’re hit with a ransomware attack, it’s important to not be reactive. There are steps you can take to get back your data — and none of them involve paying the cyber criminals.

What to do if your data has been taken hostage

First of all, turn off your computer and disconnect from the internet. Second, you need to take your computer to a specialist who can remove the virus for you — that’s the person you should be paying, not the cyber criminals. Third, inform your local FBI office or file a complaint with the Internet Crime Complaint Center so that law enforcement knows what’s happening.

And while you might be tempted to pay the ransom, we all know the plot line where the ransom is paid — but the hostage is shot anyway. The same thing can happen to your data, and the FBI actually doesn’t recommend paying the ransom.

Says the FBI in a released statement,

Prevention is the best protection

While abductions of humans are probably pretty hard to prevent, abduction of your data is preventable.

1. Don’t click on any emails from senders you don’t know

And definitely don’t click any links in those emails if you do open them. If it feels sketchy, it’s probably sketchy so even if it looks like it maybe could be from someone you know, go with your gut and avoid it. You’re better safe than sorry.

2. Keep your software up to date

Cyber criminals like to exploit people’s laziness and vulnerabilities in out-of-date software is a great way to do that.

3. Don’t click on ads

This is probably good advice in general, but particularly for ransomware. If you really want to avoid ads all together, install an ad blocker so that you don’t ever risk being targeted this way.

4. Don’t download apps or programs from sketchy sources.

They can easily be infected with ransomware.

5. Back up everything

This is another good practice, regardless of protection against cyber criminals. But in the case of ransomware, criminals can’t hold your data for ransom if have your own copy, can they? Use a cloud service and a physical external hard drive for extra protection.

6. Use anti-ransomware software

When you consider that ransomware costs businesses around $75 billion per year, it’s not surprising that there are now software solutions available to protect you.

In addition to keeping your browsing history private, Tenta protects your Android device from malware, ransomware, and all other kinds of malicious attacks. Tenta Adblock is an open source, general-purpose blocker that blocks ads, trackers and malware sites, and is optimized for mobile devices.