The concept of holding someone for ransom is a familiar part of our cultural lexicon at this point. We’ve all seen the movies — someone gets kidnapped, the kidnappers call with a demand, the hero raises to rescue the victim before it’s too late. But these days, a more realistic storyline would be not about holding a person for ransom but instead about holding someone’s data for ransom.

It’s called ransomware.

Here’s how ransomware works.

Cyber criminals gain access to your computer using one of a few methods. The original ransomware attacks came via email, with links that would download malware to the computer and then take it hostage. While this method is definitely still in use, cyber criminals have expanded to other approaches, including spam advertising, exploiting vulnerable software, and infecting otherwise legitimate websites. This is by no means an exhaustive list, though — the problem with cyber criminals is that they’re constantly coming up with new ways to attack.

Once a person clicks on the link or downloads the file or views the infected site, their computer is taken over by malicious software, blocking them from accessing their data. They then get message from the hackers, demanding a certain amount of money in order to regain access to their data. Sometimes there will be an additional demand for more money if the criminals don’t get the amount within a certain period of time.

The one thing that all ransomware attacks have in common is that they utilize fear to get you to meet their demands. Fear of losing all of your files — or, perhaps, fear of exposure if some of those files are embarrassing or personal — can make people act quickly and irrationally, just like they do in the movies. But if you’re hit with a ransomware attack, it’s important to not be reactive. There are steps you can take to get back your data — and none of them involve paying the cyber criminals.

What can you do if your data has been taken hostage via ransomware?

First of all, turn off your computer and disconnect from the internet. Second, you need to take your computer to a specialist who can remove the virus for you — that’s the person you should be paying, not the cyber criminals. Third, inform your local FBI office or file a complaint with the Internet Crime Complaint Center so that law enforcement knows what’s happening.

And while you might be tempted to pay the ransom, we all know the plot line where the ransom is paid — but the hostage is shot anyway. The same thing can happen to your data, and the FBI actually doesn’t recommend paying the ransom.

“Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom,” they said in a released statement. “Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.”

Prevention is the best protection.

While abductions of humans are probably pretty hard to prevent, abduction of your data is preventable.

• Don’t click on any emails from senders you don’t know.
  And definitely don’t click any links in those emails if you do open them. If it feels sketchy, it’s probably sketchy so even if it looks like it maybe could be from someone you know, go with your gut and avoid it. You’re better safe than sorry.
• Keep your software up to date.
  Cyber criminals like to exploit people’s laziness and vulnerabilities in out-of-date software is a great way to do that.
• Don’t click on ads.
  This is probably good advice in general, but particularly for ransomware. If you really want to avoid ads all together, install an ad blocker so that you don’t ever risk being targeted this way.
• Don’t download apps or programs from sketchy sources.
  They can easily be infected with ransomware.
• Back up everything.
  This is another good practice, regardless of protection against cyber criminals. But in the case of ransomware, criminals can’t hold your data for ransom if have your own copy, can they? Use a cloud service and a physical external hard drive for extra protection.
• Use a VPN.
  In addition to keeping your browsing history private, Tenta protects your computer from malware, ransomware, and all other kinds of malicious attacks. If you really want to make sure you’re protected from this kind of attack, Tenta is the way to go.