Skip to content



En español
 | It's a nightmare scenario: You're doing work, answering emails or browsing the web when suddenly your computer or mobile device stops working. A taunting message takes over your screen, informing you that some faceless internet villain has seized control of the machine and all of your data. To get it back, the message claims, you'll have to fork over a payment.

Ransomware is a particularly devious type of malicious software, or malware. You can inadvertently download ransomware onto your computer or device by clicking on an online ad or email link, opening an attachment or, in some cases, simply going to a website where it has been planted (a form of attack called a drive-by download).

Have you seen this scam?

Sign up for Watchdog Alerts for more tips on avoiding scams.

Once the program installs itself, it will lock up your computer and communicate the demand for payment, usually in a cryptocurrency such as Bitcoin, Ethereum or Ripple (although ransomware crooks have been known to demand gift cards). More vicious strains of malware will encrypt the files and folders on your machine, external drives you have plugged into it, and possibly even other computers on your home or office network.

The FBI's Internet Crime Complaint Center (IC3) logged nearly 2,500 complaints of ransomware attacks against individuals, businesses and organizations in 2020, with reported losses topping $29 million — more than triple the toll of such scams in 2019. The bureau says those figures probably do not reflect either the real number of cases or the true costs of recovery, which can include not just ransom payments but also lost staff time, computer equipment and files, and the expense of hiring tech help to restore machines and networks.

Be especially vigilant if you own or work for a small business. Fifty-five percent of ransomware attacks in the second quarter of 2020 targeted companies with 100 or fewer employees, according to cybersecurity firm Coveware, which helps businesses deal with extortion threats. But cybercrooks are increasingly going after bigger fish. Attacks against state and local government computer networks have severely affected public services in dozens of communities, including major cities like Baltimore and Atlanta.

As ransomware criminals become increasingly sophisticated, they're also brazenly planting malicious code on otherwise legitimate websites, according to the FBI. Some online scammers have combined ransomware with extortion, employing malware that generates a fake message from the FBI accusing victims of watching child pornography or downloading illegal files, and freezes their computers until they pay a “fine.”

How to Avoid a Ransomware Scam

Warning signs

  • An email or instant message that seems phishy. Phishing is the most common method hackers use to spread ransomware, so be wary of messages that appear to come from a trusted source such as a friend or your bank but seem off in some way (for example, the grammar is suspiciously bad or the sender's address looks wrong).
  • A pop-up on your computer or mobile device warns of viruses, promises a prize or redirects you automatically to another site.
  • An email with a Microsoft Word document attached asks you to “enable macros” or “enable content.” Opening the attachment or following the “enable” instructions allows the file to download ransomware or other malicious software onto your computer.


  • Do set your computer operating system, web browser and security software to update automatically so you're always protected against the latest threats.
  • Do back up all of your important data. You can do so to a portable drive, but consider also signing up for a cloud-based backup service that automatically backs up your files and saves previous versions so can get them back unencrypted.
  • Do unplug portable drives from your computer when not in use, to lessen the chances that they, too, will be encrypted in a ransomware attack.
  • Do use an ad blocker program or browser extension to help protect your device from malware planted in web ads.
  • Do disconnect an infected computer from your home or office network to prevent ransomware from spreading to other devices.


  • Don't click links in emails without first checking them out. Hover your cursor over the link, so you can see if the internet address, or URL, looks suspicious.
  • Don't open an email attachment unless you're expecting a file from someone and you know it's safe.
  • Don't click pop-up ads offering free software products that remove malware from your computer. Some ransomware developers use pop-ups to transfer their programs.
  • Don't go to websites that contain pornography, pirated movies or other unsavory stuff. Crooks often plant malware in those places.
  • Don't pay a ransom to online crooks if your computer is attacked. They may just up the price, then destroy your data or leave it encrypted anyway.

More Resources

Updated April 1, 2021

About the Fraud Watch Network

Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.

More From the Fraud Resource Center

Join the Discussion

0 %{widget}% | Add Yours

You must be logged in to leave a comment.