My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Ransomware Protection

Disrupts Trojan attempts to encrypt your files

Encryption ransomware is one of the most common types of malware. Cybercriminals use it to corrupt user files and demand a ransom to decrypt them. In other words, they count on users being in a helpless and panicked state so that they can engage in everyday blackmail.

Traditional signature-based protection cannot detect absolutely every single threat at the moment of attack. This is because the virus databases on a PC may not yet have been updated. The Ransomware Protection will detect the most newly released encryption ransomware. It identifies up to 98% of encryption ransomware programs thanks to special algorithms that control the behaviour of running programs. This enables Dr.Web to effectively resist unknown threats.

Disabling this module is not recommended. Because encryption ransomware code often contains numerous errors, files are often irrevocably corrupted. In addition, cybercriminals frequently deceive users.

The Ransomware Protection module’s flexible settings let you decide which programs can have access to your data. You can grant the programs you use full access to your files by adding them to the list of trusted applications.

! Attackers create malicious applications that imitate the actions of popular programs, or they exploit vulnerabilities to inject their code into existing applications. Incidents of infected applications being hosted on developer websites have even occurred. That's why, you should not grant full access to your data without first consulting the Doctor Web technical support service.

By default, the Ransomware Protection module in Dr.Web is configured to respond with Block. You can change that to Prompt, in which case, every time the protection system detects a suspicious object, you will decide whether the program requesting access to your file is malicious.


Decryption for ransomware-encrypted files is available free of charge to Dr.Web users if the Dr.Web terms of use were being met at the moment the incident occurred.

Find out more

  • The information project "Encryption ransomware: Threat No. 1" will describe the odds of successfully recovering corrupted files, what to do when a system is infected by Trojan.Encoder programs, and why attackers should never be paid a ransom for decryption.
  • The brochure "An outbreak since 2006" which is about encryption ransomware, will describe the developmental stages of this type of program. Users will particularly appreciate our recommendations on what they should never do if their files get corrupted by encryption ransomware.
  • Issues of the new Anti-virus Times column "Encrypt everything" will be useful additional information about encryption ransomware. Each issue of the column contains a brief guide on what competent users do so that they never encounter encryption ransomware.