FRAUD RESOURCE CENTER
En español | It’s a nightmare scenario: You’re doing work, answering emails or browsing the web when, suddenly, your computer or mobile device stops working. A taunting message takes over your screen, informing you that some faceless internet villain has seized control of the machine and all of your data. To get it back, the message claims, you’ll have to fork over a payment.
Ransomware is a particularly devious type of malicious software, or malware. You can inadvertently download ransomware onto your computer or device by clicking on an online ad or email link, opening an attachment or, in some cases, simply going to a website where it has been planted (a form of attack called a drive-by download).
Once the program installs itself, it will lock up your computer and communicate the demand for payment, usually in a cryptocurrency such as Bitcoin, Ethereum or Ripple (although ransomware crooks have been known to demand gift cards). More vicious strains of malware will encrypt the files and folders on your machine, external drives you have plugged into it, and other computers on your home or office network.
That last threat — hackers’ ability to infect large computer networks after gaining a single point of entry — has made ransomware increasingly lucrative for international criminal gangs that target government agencies, health care systems and large corporations, including Colonial Pipeline, the gas carrier that was infamously shut down by cybercrooks for several days in May 2021.
The FBI's Internet Crime Complaint Center received 3,474 reports of ransomware attacks in 2021, up 50 percent from the year before. Reported losses jumped from $29.2 million to $49.2 million.
And while attacks on big fish like Colonial Pipeline grab the headlines, small and medium-sized businesses are also in the line of fire. Nearly 44 percent of ransomware attacks in the fourth quarter of 2021 targeted companies with 100 or fewer employees, according to cybersecurity firm Coveware, which helps businesses deal with extortion threats.
Whatever the target, the price can be steep. Coveware’s tracking puts the median ransom payment at more than $117,000. The true cost of recovering from ransomware can be much higher, as the FBI notes, including lost staff time, computer equipment and files, and the expense of hiring tech help to restore machines and networks.
- You get an email or instant message that looks phishy. Phishing is the most common method hackers use to spread ransomware, so be wary of messages that appear to come from a trusted source, such as a friend, a coworker or your bank, but seem off in some way (for example, the grammar is suspiciously bad or the sender’s address looks wrong).
- A pop-up on your computer or mobile device warns of viruses, promises a prize or redirects you automatically to another site.
- An email with a Microsoft Word document attached asks you to “enable macros” or “enable content.” Opening the attachment or following the enable instructions allows the file to download ransomware or other malicious software onto your computer.
- Do set your computer operating system, web browser and security software to update automatically so you’re always protected against the latest threats.
- Do back up all of your important data. You can do so to a portable drive, but also consider signing up for a cloud-based service that automatically backs up your files and saves previous versions so can get them back unencrypted.
- Do unplug portable drives from your computer when not in use, to lessen the chances that they, too, will be encrypted in a ransomware attack.
- Do use an ad-blocker program or browser extension, to help protect your device from malware planted in web ads.
- Do disconnect an infected computer from your home or office network, to prevent ransomware from spreading to other devices.
- Do be especially vigilant if you’re working from home. Home computers and networks may have more security vulnerabilities than company systems directly managed by IT staff.
- Don’t click links in emails without first checking them out. Hover your cursor over the link, so you can see if the internet address, or URL, looks suspicious.
- Don’t open an email attachment unless you’re expecting a file from someone and you know it’s safe.
- Don’t click on pop-up ads offering free software products that remove malware from your computer. Some ransomware developers use pop-ups to transfer their programs.
- Don’t go to websites that contain pornography, pirated movies or other unsavory stuff. Crooks often plant malware in those places.
- Don’t pay a ransom to online crooks if your computer is attacked. They may just up the price, then destroy your data or leave it encrypted.
- Report ransomware attacks to the FBI's Internet Crime Complaint Center (IC3), an FBI field office in your area or the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
- Forward phishing emails to the Federal Trade Commission at email@example.com.
Updated March 24, 2022
About the Fraud Watch Network
Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.
More From the Fraud Resource Center