Skip to content



En español | It’s a nightmare scenario: You’re doing work, answering emails or browsing the web when, suddenly, your computer or mobile device stops working. A taunting message takes over your screen, informing you that some faceless internet villain has seized control of the machine and all of your data. To get it back, the message claims, you’ll have to fork over a payment.

Ransomware is a particularly devious type of malicious software, or malware. You can inadvertently download ransomware onto your computer or device by clicking on an online ad or email link, opening an attachment or, in some cases, simply going to a website where it has been planted (a form of attack called a drive-by download).

Once the program installs itself, it will lock up your computer and communicate the demand for payment, usually in a cryptocurrency such as Bitcoin, Ethereum or Ripple (although ransomware crooks have been known to demand gift cards). More vicious strains of malware will encrypt the files and folders on your machine, external drives you have plugged into it, and other computers on your home or office network.

Have you seen this scam?

Sign up for Watchdog Alerts for more tips on avoiding scams.

That last threat — hackers’ ability to infect large computer networks after gaining a single point of entry — has made ransomware increasingly lucrative for international criminal gangs that target government agencies, health care systems and large corporations, including Colonial Pipeline, the gas carrier that was infamously shut down by cybercrooks for several days in May.

While attacks on such big fish grab headlines, small and medium-sized businesses are also in the line of fire. More than 37 percent of ransomware attacks in the first quarter of 2021 targeted companies with 100 or fewer employees, according to cybersecurity firm Coveware, which helps businesses deal with extortion threats.

Whatever the target, the price can be high. Coveware’s tracking puts the median ransom payment at more than $78,000. The true cost of recovering from ransomware can be much higher, as the FBI notes, including lost staff time, computer equipment and files, and the expense of hiring tech help to restore machines and networks.

How to Avoid a Ransomware Scam

Warning signs

  • You get an email or instant message that looks phishy. Phishing is the most common method hackers use to spread ransomware, so be wary of messages that appear to come from a trusted source, such as a friend, a coworker or your bank, but seem off in some way (for example, the grammar is suspiciously bad or the sender’s address looks wrong).
  • A pop-up on your computer or mobile device warns of viruses, promises a prize or redirects you automatically to another site.
  • An email with a Microsoft Word document attached asks you to “enable macros” or “enable content.” Opening the attachment or following the enable instructions allows the file to download ransomware or other malicious software onto your computer.


  • Do set your computer operating system, web browser and security software to update automatically so you’re always protected against the latest threats.
  • Do back up all of your important data. You can do so to a portable drive, but also consider signing up for a cloud-based service that automatically backs up your files and saves previous versions so can get them back unencrypted.
  • Do unplug portable drives from your computer when not in use, to lessen the chances that they, too, will be encrypted in a ransomware attack.
  • Do use an ad-blocker program or browser extension, to help protect your device from malware planted in web ads.
  • Do disconnect an infected computer from your home or office network, to prevent ransomware from spreading to other devices.
  • Do be especially vigilant if, like millions of others during the pandemic, you’re working from home. Home computers and networks may have more security vulnerabilities than company systems directly managed by IT staff.


  • Don’t click links in emails without first checking them out. Hover your cursor over the link, so you can see if the internet address, or URL, looks suspicious.
  • Don’t open an email attachment unless you’re expecting a file from someone and you know it’s safe.
  • Don’t click on pop-up ads offering free software products that remove malware from your computer. Some ransomware developers use pop-ups to transfer their programs.
  • Don’t go to websites that contain pornography, pirated movies or other unsavory stuff. Crooks often plant malware in those places.
  • Don’t pay a ransom to online crooks if your computer is attacked. They may just up the price, then destroy your data or leave it encrypted.

More Resources

Updated July 6, 2021

About the Fraud Watch Network

Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.

More From the Fraud Resource Center