How File Extensions Can Protect You From Ransomware

Ransomware is a serious threat. The consequences of getting infected with such virus are never easy. You lose important data and in many cases it cannot be decrypted. Many people end up paying the ransom as sometimes there is no other way to get back everything that was lost. And businesses are even more sensitive to this kind of malware as each day of being locked out of your system can cost thousands.

More and more people search for prevention methods as they have already heard stories about others being infected and how often this results in disasters. However, there is no panacea for all ransomware. Sometimes it slips even through fully updated antiviruses as they fail to detect newly appeared versions. Sometimes it uses unconventional ways like fileless injection. And sometimes a simple human error results in devastating the whole network.

Making backups is not a perfect solution either. They tend to get outdated quickly. Also, you need to keep them on a completely separate media and have several versions to make sure that you do not back up already encrypted files. Backups, as well as other previously mentioned prevention methods require investment in time to set them up and constant maintenance. So what if you are just an average user who is looking for an easier way to avoid the ransomware menace?

While thinking about how to quickly and easily protect yourself from ransomware, an idea about file extensions came to our mind. Since most of the ransomware is programmed to target only specific file directories and extensions, why not simply change the extensions of very important files and place them where no virus would look?

Most ransomware has predefined list of targeted file types. This is done in order to save time by skipping unimportant files, target only important files and avoid damage to the Windows by skipping important operating system files.

For example, most ransomware skips the following directory:

C:/Program Files

You can create a folder there, place a shortcut to it on your desktop and keep important files away from ransomware eyes.

Let’s say you are writing a very important thesis and have it saved as follows:


After you finish editing it, simply change the extension to something random:


The file should become ineligible for encryption. If you need to edit the file you can immediately change the extension back to normal and open it with Microsoft Word without any problems.

Obviously, this requires some level of computer experience since you will need to remember what the original extension was. And we do not recommend leaving it in the file name as the ransomware might still detect it (e.g. having a file named “thesis.docx.gbwhjoh” is not ideal. A better version would be to simply add numbers or other symbols after the first extension letter (e.g. “thesis.d111ocx”). This way you will not need to scratch your head trying to remember what was the original file format before.

As you can see, this is a very quick method and does not require as much effort as, for example, constantly making backups or editing your documents online. Another upside is that file size does not matter at all. While you would spend minutes or hours trying to backup huge archives, renaming the file only takes seconds.

Obviously, this method might not always work as more and more ransomware versions are developed. For example, there are ransomware viruses that lock and encrypt your whole C: disk instead of individual files. However, the vast majority of such malware still encrypt files one by one and rely on targeted extensions and directory lists.

So go ahead and enable file extensions on your computer. It does not take a lot of effort and can also help you identify threats beforehand. For example, you will be able to see that the email attachment you just downloaded has a .js extension and is dangerous to open.

Here is how to see the extensions in Windows 10:

And here is how to do the same in Windows 7:

  1. Milton says:

    This is not a good solution, because some ransomware’s check the file signature, so, even if you change the extension the file signature tell’s you what type of file is that.

Leave a Reply

Your email address will not be published. Required fields are marked *

Begin typing your search above and press return to search. Press Esc to cancel.