How do I protect my home computer from ransomware attacks?
Project plan

Why: Backups are the only 100% effective cure for ransomware; if your files are encrypted, you simply restore them.
How:
- Keep 3 copies of data (Original + 2 backups).
- Use 2 different media types (e.g., External HDD and Cloud).
- Keep 1 copy off-site (Cloud).
- Keep 1 copy offline (disconnected HDD) or immutable (cannot be deleted).
- Ensure 0 errors by verifying the backup logs.
Done when: You have two separate backup copies of your critical data in different locations.

Why: Modern ransomware specifically targets and deletes cloud sync folders (like Dropbox/OneDrive); immutability prevents any deletion for a set period.
How:
- Choose a provider that supports Object Lock or Point-in-time recovery (e.g., Backblaze B2 or Wasabi).
- Configure a retention policy of at least 30 days.
- Sync your most important folders (Documents, Photos) to this bucket.
Done when: A cloud backup is running with a 'locked' version history that cannot be deleted by a local virus.

Why: Ransomware can spread to any drive physically connected to your PC; an 'air-gapped' drive is invisible to the virus.
How:
- Plug in an external USB hard drive.
- Copy your critical files manually or use a backup tool.
- Crucial: Unplug the drive and store it in a drawer once the copy is finished.
Done when: Your most important data is stored on a drive that is physically disconnected from your computer.

Why: A backup is useless if it doesn't work; testing ensures you can actually recover when disaster strikes.
How:
- Pick a random file from your backup.
- Restore it to a different folder on your PC.
- Open the file to ensure it is not corrupted.
Done when: You have successfully restored and opened at least three files from your backup media.
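
The restore test above can be scripted. This added PowerShell example (not part of the original plan) restores three random files from the backup to a scratch folder and compares their SHA-256 hashes with the originals. It assumes the backup is a plain file copy that mirrors the source folder; the paths and the function name `Test-BackupSample` are hypothetical.

```powershell
# Added example, not part of the original plan. Assumes the backup is a plain
# file copy mirroring $SourceRoot; all paths and the function name are hypothetical.
function Test-BackupSample {
    param(
        [Parameter(Mandatory)] [string] $BackupRoot,   # e.g. E:\Backup\Documents
        [Parameter(Mandatory)] [string] $SourceRoot,   # e.g. C:\Users\me\Documents
        [string] $RestoreDir = (Join-Path $env:TEMP 'restore-test'),
        [int] $SampleSize = 3                          # the plan asks for three files
    )
    $backupBase = (Resolve-Path -LiteralPath $BackupRoot).Path.TrimEnd('\')
    New-Item -ItemType Directory -Path $RestoreDir -Force | Out-Null

    $files = @(Get-ChildItem -LiteralPath $backupBase -File -Recurse)
    if ($files.Count -eq 0) { throw "No files found under $backupBase" }
    $sample = $files | Get-Random -Count ([Math]::Min($SampleSize, $files.Count))

    foreach ($file in $sample) {
        # Path of the file relative to the backup root, used to locate the original
        $relative = $file.FullName.Substring($backupBase.Length).TrimStart('\')
        $restored = Join-Path $RestoreDir $file.Name
        Copy-Item -LiteralPath $file.FullName -Destination $restored -Force

        $restoredHash = (Get-FileHash -LiteralPath $restored -Algorithm SHA256).Hash
        $original = Join-Path $SourceRoot $relative
        $status = if ($file.Length -eq 0) {
            'EMPTY'          # zero-byte copy: check whether the original is empty too
        } elseif (-not (Test-Path -LiteralPath $original)) {
            'NO-ORIGINAL'    # restored, but nothing left on the PC to compare against
        } elseif ((Get-FileHash -LiteralPath $original -Algorithm SHA256).Hash -eq $restoredHash) {
            'MATCH'
        } else {
            'DIFFERS'        # damaged backup, or the original was edited after the backup ran
        }
        [pscustomobject]@{ File = $relative; Status = $status; RestoredTo = $restored }
    }
}

# Assumed paths: replace with your backup drive and the folder it mirrors.
Test-BackupSample -BackupRoot 'E:\Backup\Documents' -SourceRoot "$env:USERPROFILE\Documents" |
    Format-Table -AutoSize
```

Opening each file listed under `RestoredTo` is still the final step of the test.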

Why: This built-in Windows feature prevents unauthorized apps from modifying files in your protected folders.
How:
- Open Windows Security > Virus & threat protection.
- Scroll to Ransomware protection and click Manage ransomware protection.
- Toggle Controlled folder access to On.
- Add custom folders (like your work project folder) if they aren't in the default list.
Done when: The 'Controlled folder access' toggle is set to 'On'.

Why: If you are logged in as an Administrator, ransomware has full permission to infect system files; a Standard account limits the damage.
How:
- Go to Settings > Accounts > Other users.
- Click Add account and create a new user without administrative rights.
- Use this new account for your daily browsing and work.
- Only use the Admin account when installing software.
Done when: You are logged into a 'Standard' user account for your daily activities.

Why: Remote Desktop (RDP) is the #1 entry point for targeted ransomware attacks; hackers use 'brute-force' to guess your password and take control.
How:
- Go to Settings > System > Remote Desktop.
- Ensure the toggle for Remote Desktop is set to Off.
- If you use Windows Home, this is likely off by default, but verify it.
Done when: Remote Desktop is confirmed as 'Off' in system settings.

Why: Attackers hide malware by naming files 'Invoice.pdf.exe'; Windows hides the '.exe' by default, making it look like a safe PDF.
How:
- Open File Explorer.
- Click View > Show.
- Check the box for File name extensions.
Done when: You can see the full extension (e.g., .docx, .exe) for every file on your desktop.
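
Files that are already on the disk can be checked for this naming pattern in bulk. This added PowerShell example (not from the original plan) lists files whose real extension is executable but whose name carries a document-style extension in front of it, alongside the name Explorer would display with extensions hidden. The function name `Find-DoubleExtension`, the default folder and both extension lists are assumptions to adjust.

```powershell
# Added example, not part of the original plan: find files named like 'Invoice.pdf.exe'.
function Find-DoubleExtension {
    param([string] $Path = (Join-Path $env:USERPROFILE 'Downloads'))  # assumed folder

    # Assumed lists: extensions Windows runs on double-click, and document-style decoys.
    $runs  = '.exe', '.scr', '.com', '.bat', '.cmd'
    $decoy = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt'

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # BaseName is the file name without its real (last) extension, so its own
            # "extension" is the one a user sees when Explorer hides the real one.
            $inner = [IO.Path]::GetExtension($_.BaseName)
            ($_.Extension -in $runs) -and ($inner -in $decoy)   # -in is case-insensitive
        } |
        ForEach-Object {
            [pscustomobject]@{
                ShownWhenHidden = $_.BaseName        # what Explorer displays by default
                RealName        = $_.Name
                Modified        = $_.LastWriteTime
                Folder          = $_.DirectoryName
            }
        }
}

Find-DoubleExtension | Format-Table -AutoSize
```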

Why: Many ransomware strains are delivered via malicious Excel or Word macros that download the virus once the document is opened.
How:
- Open Word or Excel.
- Go to File > Options > Trust Center > Trust Center Settings.
- Select Macro Settings.
- Choose Disable all macros with notification.
Done when: Office is configured to block macros by default.

Why: While Windows Defender is good, a second layer specializing in behavioral analysis can catch 'Zero-Day' ransomware.
How:
- Use Windows Defender as your primary real-time shield.
- Install a secondary scanner like Malwarebytes (Free) for weekly deep scans.
- Alternatively, use a reputable suite like Bitdefender Antivirus Free which has high ransomware detection rates.
Done when: A reputable antivirus is active and has completed its first full system scan.

Why: DNS filtering blocks your computer from connecting to known 'Command & Control' servers used by ransomware to coordinate attacks.
How:
- Go to Settings > Network & Internet > Ethernet/Wi-Fi.
- Edit DNS server assignment.
- Set IPv4 to 9.9.9.9 (Primary) and 149.112.112.112 (Secondary).
- This service (Quad9) automatically blocks malicious domains.
Done when: Your network settings show 9.9.9.9 as the active DNS server.
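
Four of the toggles in this plan (Controlled folder access, Remote Desktop, file name extensions and Quad9 DNS) can be verified in one pass. This added PowerShell example is not part of the original plan; it only reads settings and changes nothing, and it assumes Windows 10/11 with Microsoft Defender as the active antivirus.

```powershell
# Added example, not part of the original plan: read-only audit of four settings.
$results = @()

# Controlled folder access: 0 = Off, 1 = On, 2 = Audit mode (logs only, does not block)
$cfa = (Get-MpPreference).EnableControlledFolderAccess
$results += [pscustomobject]@{ Check = 'Controlled folder access'; Value = $cfa; Pass = ($cfa -eq 1) }

# Remote Desktop: fDenyTSConnections = 1 means incoming connections are refused
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$results += [pscustomobject]@{
    Check = 'Remote Desktop off'; Value = $ts.fDenyTSConnections; Pass = ($ts.fDenyTSConnections -eq 1)
}

# File name extensions: HideFileExt = 0 means Explorer shows them (per-user setting,
# so run this as the Standard account you use every day)
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$results += [pscustomobject]@{
    Check = 'File extensions shown'; Value = $adv.HideFileExt; Pass = ($adv.HideFileExt -eq 0)
}

# DNS: each connected adapter with IPv4 DNS servers set should list only Quad9
$quad9 = '9.9.9.9', '149.112.112.112'
$up = (Get-NetAdapter | Where-Object Status -eq 'Up').Name
$results += @(
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { ($_.InterfaceAlias -in $up) -and $_.ServerAddresses } |
        ForEach-Object {
            $nic = $_
            $other = @($nic.ServerAddresses | Where-Object { $_ -notin $quad9 })
            [pscustomobject]@{
                Check = "DNS on $($nic.InterfaceAlias)"
                Value = $nic.ServerAddresses -join ', '
                Pass  = ($other.Count -eq 0)
            }
        }
)

$results | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points back to the matching step in this plan.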

Why: An insecure router is a gateway for hackers to enter your home network and target your PC.
How:
- Log into your router admin panel (usually 192.168.1.1).
- Check for and install any Firmware Updates.
- Find the WPS (Wi-Fi Protected Setup) setting and turn it Off (it is easily hacked).
- Change the default admin password if you haven't already.
Done when: Router is updated and WPS is disabled.

Why: 'Malvertising' (malicious ads) can infect your computer just by loading a compromised website; an ad-blocker stops these scripts.
How:
- Go to the Chrome Web Store or Firefox Add-ons.
- Search for uBlock Origin (ensure it is the one by Raymond Hill).
- Click Add to Browser.
- This blocks scripts that often serve as the first stage of a ransomware infection.
Done when: The uBlock Origin icon is visible in your browser toolbar.

Why: Ransomware often starts with a hijacked email account; MFA ensures that even if they have your password, they can't get in.
How:
- Log into your primary email (Gmail, Outlook, etc.).
- Go to Security Settings.
- Enable Two-Step Verification using an app (like Google Authenticator) rather than SMS if possible.
Done when: You are prompted for a code when logging into your email from a new device.

Why: Security is a process, not a product; settings can change and backups can fail over time.
How:
- Set a recurring calendar invite for the first Sunday of every month.
- Checklist: 1. Check backup logs. 2. Run a manual Malwarebytes scan. 3. Check for Windows/Software updates.
Done when: A recurring event is visible in your digital calendar.

Why: If you are attacked, you will panic; a physical checklist tells you exactly what to do when your screen is locked.
How:
- Write down these steps: 1. Disconnect from Wi-Fi/Ethernet immediately. 2. Power off the PC. 3. Do not pay the ransom. 4. Wipe the drive and restore from the offline backup.
- Print this and tape it near your desk.
Done when: A physical piece of paper with emergency steps is located near your computer.