FRAUD RESOURCE CENTER
En español | It's a nightmare scenario: You're doing work, answering emails or browsing the web when suddenly your computer or mobile device stops working. A taunting message takes over your screen, informing you that some faceless internet villain has seized control of the machine and all of your data. To get it back, the message claims, you'll have to fork over a ransom, usually in a cryptocurrency such as Bitcoin, Ethereum or Ripple.
Ransomware is a particularly devious type of malicious software, or malware. You can inadvertently download it onto your computer or device by clicking on an online ad or email link, opening an attachment or, in some cases, simply going to a website where ransomware has been planted (a form of attack called a drive-by download).
Once the program installs itself, it will lock up your computer and communicate the demand. More vicious strains of ransomware will encrypt the files and folders on your machine, external drives you have plugged into it, and possibly even other computers on your home or office network.
The FBI's Internet Crime Complaint Center (IC3) logged more than 2,000 reports of ransomware attacks aginast individuals, businesses and organizations in 2019 with victims reporting losses of almost $9 million. The bureau says that likely does not reflect either the real number of cases or the true costs of recovery, which can include not just ransom payments but also lost staff time, computer equipment and files, and the expense of hiring tech help to restore machines and networks.
Be especially vigilant if you own or work for a small business; more than 70 percent of ransomware attacks targeted small businesses in 2018, according to an analysis by cybersecurity firm Beazley Breach Response. But cybercrooks are increasingly going after bigger fish. Attacks against state and local government computer networks have severely affected public services in dozens of communities, including major cities like Baltimore and Atlanta.
As ransomware criminals become increasingly sophisticated, they're also brazenly planting malicious code on otherwise legitimate websites, according to the FBI. Some online scammers have combined ransomware with extortion, employing malware that generates a fake message from the FBI accusing victims of watching child pornography or downloading illegal files, and freezes their computers until they pay a “fine.”
- An email or instant message that seems phishy. Phishing is the most common method hackers use to spread ransomware, so be wary of messages that appear to come from a trusted source such as a friend or your bank but seem off in some way (for example, the grammar is suspiciously bad or the sender's address looks wrong).
- A pop-up on your computer or mobile device warns of viruses, promises a prize or redirects you automatically to another site.
- An email with a Microsoft Word document attached asks you to “enable macros” or “enable content.” Opening the attachment or following the “enable” instructions allows the file to download ransomware or other malicious software onto your computer.
- Do set your computer operating system, web browser and security software to update automatically so you're always protected against the latest threats.
- Do back up all of your important data. You can do so to a portable drive, but consider also signing up for a cloud-based backup service that automatically backs up your files and saves previous versions so can get them back unencrypted.
- Do unplug portable drives from your computer when not in use, to lessen the chances that they, too, will be encrypted in a ransomware attack.
- Do use an ad blocker program or browser extension to help protect your device from malware planted in web ads.
- Do disconnect an infected computer from your home or office network to prevent ransomware from spreading to other devices.
- Don't click links in emails without first checking them out. Hover your cursor over the link, so you can see if the internet address, or URL, looks suspicious.
- Don't open an email attachment unless you're expecting a file from someone and you know it's safe.
- Don't click pop-up ads offering free software products that remove malware from your computer. Some ransomware developers use pop-ups to transfer their programs.
- Don't go to websites that contain pornography, pirated movies or other unsavory stuff. Crooks often plant malware in those places.
- Don't pay a ransom to online crooks if your computer is attacked. They may just up the price, then destroy your data or leave it encrypted anyway.
Updated March 11, 2020
- Report ransomware attacks to the FBI's Internet Crime Complaint Center (IC3), an FBI field office in your area or the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
- Forward phishing emails to the Federal Trade Commission at email@example.com.
More From the Fraud Resource Center