Contrary to popular belief, ransomware has been around for decades. The first malware program to lock up people\u2019s files and ask for a ransom was the PC Cyborg Trojan in 1989. It was created by Harvard-trained evolutionary biologist Dr. Joseph Popp, who was working on several AIDS-related projects at the time.Dr. Popp sent a floppy disk containing a program covering AIDS information, teaching, and testing to tens of thousands of mailing list subscribers. At startup, a crude EULA warned users they had to pay for the program\u2014and the author reserved the legal right to \u201censure termination of your use of the programs .... These program mechanisms will adversely affect other program applications on microcomputers.\u201d Most people didn\u2019t read the EULA and ran the program without paying for it.After 90 boots, the program crudely encrypted\/obfuscated the user\u2019s hard drive data, rendering it inaccessible, and asked for a payment of $189 to be sent to a Panamanian post office box. (Check out a great analysis of the Trojan.)Ransomware evolutionEarly ransomware used symmetric key encryption, and the cipher algorithm was often poorly constructed. Encryption experts could frequently break the ransomware easily, and because the symmetric key was the same shared key in every infection, every computer touched by the same ransomware program could be unlocked at once.Eventually, ransomware authors learned to use public key cryptography (where both a private key and a second public key is involved) and started to use popular, well-known, well-tested cipher algorithms. A different key pair was generated for each infection, which made ransomware a very difficult problem to solve.By the middle 2000s, tough-to-break ransomware was becoming very popular, but the problem of how hackers would collect their money remained. Real money and credit card transactions can be traced.Enter CryptoLocker, the first widespread ransomware program to demand bitcoin payments. CryptoLocker first appeared in 2013. When matched with randomly generated email addresses and \u201cdarknet\u201d pathways, it became almost impossible to catch ransomware hackers. Ransomware writers and distributors are now making tens, if not hundreds of millions, of dollars off their victims.These days ransomware keeps getting more dangerous and targeted. Ransomware programs are now being developed to attack specific types of data, such as\u00a0database tables, mobile devices, IoT units, and televisions. This page chronicles\u00a0all the significant developments from the last year or so.Defeating ransomwareFirst, you need to verify that you\u2019ve actually been hit by ransomware. Less sophisticated programs merely take over your current browser session or computer screen. They make the same blackmail claims as a more sophisticated ransomware program, but don\u2019t encrypt any files. All you need to do is reboot the computer and\/or use a program like Process Explorer to remove the malicious file.Nothing beats a good backup.\u00a0Nothing beats a current, offline backup. The \u201coffline\u201d part is important because many ransomware programs will look for your online backups and render them unusable, too.Get patched.\u00a0Making sure your system is fully patched is a great way to prevent any malware from infecting your computer. But also see if they are the real patches from the real vendors. Unfortunately, fake patches often contain ransomware.Don\u2019t get tricked.\u00a0Don\u2019t let yourself get socially engineered into installing ransomware. In other words, don\u2019t install anything sent to you in email or offered to you when visiting a website. If a website says you need to install something, either leave the website and don\u2019t go back\u2014or leave the website and install the software directly from the legitimate vendor\u2019s website. Never let a website install another vendor\u2019s software for you.Use antimalware software.\u00a0Everyone needs to run at least one antimalware program. Windows comes with Windows Defender, but there are dozens of commercial competitors and some good freebies. Ransomware is malware. Antimalware software can stop the majority of variants before they hit.Use a whitelisting program.\u00a0Application control or whitelisting programs stop any unauthorized program from executing. These programs are probably the best defense against ransomware (besides a good offline backup). Although many people think application control programs are too cumbersome to use, expect them to become much more accepted as ransomware continues to grow, at least in business computing. The days of allowing employees to run any program they want are numbered.What to do if you\u2019re locked upIf all your critical data is backed up and safe, then you\u2019ll be back in business in a few hours\u2019 time. You\u2019ll still need to reformat\/reset\/restore your device, however. Luckily, that process gets easier with each new operating system version.Using another safe, uninfected computer, restore your backup. Apply all critical security patches, restore your data, and resolve never to do what you did that got your device locked up in the first place.If you don\u2019t have a clean backup copy of your critical data and absolutely need the data, you have two options: Find an unlock key or pay the ransomware demand. Using another safe, trusted computer, research as much as you can about the particular ransomware variant you have. The screen message presented by the ransomware will help you identify the variant.If you\u2019re lucky, your ransomware variant may already have been unlocked. Many antimalware vendors have programs to detect and unlock ransomware (if it recognizes the variant and has the unlock key). Run that program first.It may take an offline scan to get rid of the ransomware. Several websites also offer unlocking services, free and commercial, for particular ransomware variants. Here\u2019s an example of a ransomware unlocker. Also, believe it or not, ransomware distributors will even occasionally apologize and release their own unlocking programs.Lastly, many people choose to pay the ransomware to recover their files. Most experts and companies recommend against paying ransom because it only encourages the ransomware creators and distributors. Yet quite often it works. It\u2019s your computer and data, so it\u2019s up to you whether to pay the ransom.Be aware that in many cases people have paid up and their files have remained encrypted. But these cases seem to be in the minority. If ransomware didn\u2019t unlock files after the money was paid, everyone would learn that\u2014and ransomware attackers would make less money.I hope you never become a ransomware victim. The odds of infection, unfortunately, are getting worse as ransomware gains popularity and sophistication.