Move over viruses, step aside worms: Ransomware has the spotlight and isn’t about to give it up. From taking down entire fuel pipelines to hijacking hospital networks, it’s the cyberattack du jour. Not only do you have the potentially disastrous consequences of being locked out of your most important files and systems, you also have to decide if you’re willing to pay cold, hard cash to get access to them again, if you even get access after paying.

That’s where the name comes from—ransomware attacks literally hold your data for ransom. There are a few variations on the theme, but it’s usually very recognizable. Malware is used to encrypt your files (in some cases even double-encrypt them) so they require a specific key to be unlocked. The damage can quickly spread across computers and networks. In some cases you might be locked out of your system completely, along with any other systems on the same network.

Ransomware isn’t particularly difficult to develop or deploy, and it’s profitable. While it started out as a problem for home users, it has now spread to become a problem for businesses, and several high-profile attacks have recently targeted government agencies and infrastructure companies. The threat is very real no matter who you are—so how do you protect against it?

Keeping ransomware off your computer isn’t actually much different from keeping any other kind of malware at bay, and very similar rules apply. A ransomware attack can’t happen without some access to your system, which is usually achieved through a rogue application—be cautious about downloading or opening any files from the web or your email if you’re not certain of their source.

Hackers now use a variety of social engineering techniques—such as spoofing an email that looks like it’s an urgent missive from your boss—to try and get you to install something you shouldn’t or to download files you think are attachments but aren’t. Think and think again before opening and running anything on your computer, especially if it arrives without warning.

Windows and macOS

Windows and macOS

Screenshot: David Nield via Microsoft

Ransomware doesn’t always have to trick you into installing something: It can sometimes spread on its own by exploiting security holes in legitimate software that hasn’t been properly updated or patched. This is one of the reasons you should generally install as few software programs on your computer as possible, and stick to developers that can be trusted to keep their applications secure and provide necessary security updates in a timely manner.

Besides being careful in terms of what you do on your computer and the programs you grant access, the standard three rules of system security apply: Update, protect, and back up. All malware, including ransomware, often exploits older or unpatched software, which is why it’s vital that everything running on your computer (and yes, that includes both Windows and macOS users) is up to date with at least the latest security updates.

Those nagging operating system updates are annoying for a reason—it’s really important that you get them installed. The good news is that software updates are so vital to security that they’re mostly handled automatically and in the background by most programs. Google Chrome, for example, downloads updates on its own, and you’ll see a color-coded icon in the toolbar when an upgrade is required. (It gets closer to red as the upgrade gets more urgent.)