> There is a ransomware variant that encrypts the files but silently decrypts $

This depends on the backup-taking accessing the files in a way that doesn't trip the decryption. It also depends on nobody test-restoring from the backups, or at least not sanity-checking the results if they do. It also depends on being able to infect the OS and sit there for months without anyone noticing.

> As to how one can become infected, see http://www.theregister.co.uk/2015/08/$

This depends on the user - perhaps by proxy in the form of something the user runs - executing content offered by the malvertising-serving server.

Thus, defense in depth:

(1) Don't run things that execute live content without explicit, specific approval by the user. Educate users as to the few cases when giving such approval is sane.

(2) Avoid common OSes and ISAs, so that most malware (ransomware or otherwise) can't run even if it gets through to the machine.

(3) Test-restore from your backups periodically.

Of course, most people will say they "can't" do one or more of those, actually meaning they're not willing to pay the prices involved. Such people need to realize that they will pay one price or the other, and they'll just have to decide which prices they prefer.

Personally, I do about two and a quarter of the above: (1), 3/4 of (2), and 1/2 of (3).

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
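
Added example, not part of the original message: one way to sanity-check a test restore, as point (3) and the first paragraph call for, by flagging restored files whose header does not match their extension or whose text content looks like random bytes. The names, the extension lists and the 7.0 bits/byte threshold are assumptions chosen for illustration, and the restore is assumed to be read on a machine other than the one that wrote the backup.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n"}  # well-known leading bytes
TEXT_EXTS = {".txt", ".csv", ".log"}
ENTROPY_LIMIT = 7.0  # assumed threshold in bits/byte; plain text sits well below it

def shannon_entropy(data):
    """Entropy of data in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def check_file(path, sample=65536):
    """Return a reason if a restored file looks wrong, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return "header does not match " + ext
    if ext in TEXT_EXTS and shannon_entropy(head) > ENTROPY_LIMIT:
        return "text file looks like random bytes"

def scan_restore(root):
    """Walk a test-restored tree; return {relative path: reason} for suspects."""
    suspects = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = check_file(full)
            if reason:
                suspects[os.path.relpath(full, root)] = reason
    return suspects

def demo():
    """Scan a constructed restore tree; 'noise' stands in for ciphertext."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"ok.pdf": b"%PDF-1.4\n" + b"constructed body\n" * 50, "bad.pdf": noise,
               "ok.txt": b"quarterly report\n" * 100, "bad.txt": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_restore(root)

if __name__ == "__main__":
    print(demo())
```

Compressed or deliberately encrypted files are high-entropy by nature, which is why the entropy test is applied only to extensions expected to hold plain text.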