
What to Do If a Ransomware Attack Hits Your Computer

Businesses, governments and individuals can be victims. How to keep fraudsters at bay


Ransomware is on a rampage.

The frequency of attacks nearly doubled during the first half of 2021 compared to the corresponding period last year, according to a recent report from Tel Aviv-based cybersecurity firm Check Point Software Technologies. And the dollar amount that criminals are extorting is also on the rise.

Ransomware is a type of malicious software, or malware, that locks your computer and sends out an alert demanding a payment for the return of your data. Cybercriminals typically target businesses and governments in hopes they'll pay big bounties to release files and restore critical systems. But ransomware attacks happen to regular computer users, too.

“When a consumer is a victim with ransomware, it means the cybercriminal has something they can demand payment for, such as your documents, including tax returns, or maybe important photos and videos [like home movies] that are now encrypted,” says Steve Grobman, chief technology officer of McAfee, a leading cybersecurity company.

To unlock your files, attackers demand that you pay them, usually in cryptocurrency such as Bitcoin, which is difficult to trace. Their demands could amount to several hundred dollars for individuals — and several million dollars for companies — with recent high-profile attacks on Colonial Pipeline Co. and JBS USA Holdings Inc., the world's largest meat processing company, as examples.

“You may see an email that says you need to pay if you want these files back. Or in other cases you're told your entire computer is locked and unless you pay, they'll make it essentially unusable,” Grobman says.

But it can get worse. Cybercriminals also may threaten to post your personal information, such as private emails, on the internet unless you pay, he says. “Fake ransomware,” a demand for payment without a criminal accessing your files, is also a problem. So what should you do?

If a ransomware attack strikes you

“Your first course of action should always be to contact your local authorities as soon as possible,” says chief technology officer Ryan Toohil of Aura, a digital security company based in Burlington, Massachusetts.

“Don't take any actions before a technology and/or law enforcement expert is involved, as it could make the situation worse,” Toohil says. “Technical experts will know what to do in a ransomware situation.”

But you can take a few steps on your own. If you are confident in your technical skills, consider checking the website No More Ransom to see if you have been infected by ransomware with a known solution or decryption key. That way, you can unlock your files without paying. No More Ransom was launched in 2016 with the goal of helping victims retrieve their encrypted data without losing money.

“Many ransomware attacks are attacks of opportunity, so they often reuse the same technology knowing that most victims won't know how to unlock the files,” Toohil says.

If you don't feel comfortable checking on this yourself, get help from a tech-savvy friend or family member, or bring your computer to a reputable technician to confirm that your files really are encrypted. Among the companies that have lots of locations nationwide and offer such a service are Best Buy's Geek Squad, based in Richfield, Minnesota; Los Angeles-based HelloTech; Orlando-based uBreakiFix; and Norton Ultimate Help Desk, which offers a discount to AARP members.




Cyberattackers prey on fear

“Don't panic,” Grobman says. “It's absolutely critical. One thing I see all the time is consumers make a minor issue worse because they start trying to take action with a ransomware attack.”

But it's understandable. Criminals are hoping for an emotional response, often by using big, red — and sometimes flashing — words on the screen such as “RANSOMWARE ATTACK! YOUR FILES ARE ENCRYPTED. YOU HAVE 15 HOURS TO SUBMIT PAYMENT!” so you might pay up quickly. The most important thing, Grobman says, is to get up, walk around to clear your head, then sit back down and ask yourself some questions.

  • What options do you have to recover your files other than paying?
  • Do you have duplicate files somewhere else, such as on a hard drive not connected to your computer?
  • Do you need the hijacked files or care if they are revealed?

If you backed up your files or turned on a system that backs them up automatically — like Time Machine within a Macintosh operating system — try to connect it to another computer to make sure the backup is still reliable, Toohil says.

“Then you can restore your machine via the backup to what it was before you were infected,” he says. “Wait until it is deemed safe to do so by technical experts to perform this action.”

The next step is to confirm, if possible, that ransomware has actually been installed on your computer. If the extortionists claim they have all your emails, have they supplied a sample to prove it?

Also, don't accept unsolicited help for your problem. “We've seen a one-two punch, where you get a notification of ransomware, followed up by a scam that looks like it comes from a trusted source like Microsoft or McAfee that says, ‘We've detected you've become a victim of ransomware. We're here to help. Please call this number and allow our technicians to remote control your computer,’ ” Grobman says. “Never, ever act on any of those emails.” Legitimate software vendors won't contact customers that way.

If you need the help of a software vendor like McAfee, Aura or another cybersecurity company, always go to the website on your own. Do not click on a link or call a phone number sent to you.

Should you pay the ransom?

This is a tough one to answer. Grobman says that when you pay a ransom, you're reinforcing the cybercriminal's business model.

“Know that you're essentially funding the next generation of ransomware,” he says. “So the main reason not to pay ransomware is that it makes the global problem worse.”

But he stops short of saying never pay, as some other cybersecurity experts suggest. You have to decide whether the files are important enough.

Aura's Toohil agrees: “If the files you have on your machine are meaningful to you [such as pictures of your family or grandkids or irreplaceable financial data], you haven't created backups, you have not been locked with a known ransomware, and the technical experts you've enlisted don't think they will be able to unlock your files, it is OK to consider paying.” But make sure you can afford it and realize that the thieves might take the money and give you nothing.

“This is not a good long-term solution,” he says. “But if you have no way to recover those things that are priceless to you, sometimes you have no other option.”

5 tips to prevent a ransomware attack

Cybersecurity software and common sense can help minimize the odds of a ransomware attack. Here's how to keep a ransomware attacker at bay.

1. Install cybersecurity software on all your devices and don't let it expire. Consumer Reports lists seven free antivirus software options — three that it recommends — though most are annual subscriptions. Companies in addition to Aura and McAfee that offer paid suites of software with additional protections and the ability to use it on multiple devices in the same household include Avast, Kaspersky and Norton. (Norton offers a discount to AARP members.)

2. Delete suspicious emails and text messages that claim to be from an organization — such as your bank, credit card company, favorite shopping site, an internet service provider, the IRS or Microsoft — instead of clicking on a link that could take you to an authentic-looking but phony site asking you to input personal or financial information. These “phishing” scams often include an urgent message asking you to immediately confirm these details.

3. Never click on email attachments that you're not expecting.

4. Keep apps and operating systems fully updated, allowing them to automatically update when possible. Companies regularly patch their software after vulnerabilities have been discovered and fixed.

5. Back up your computer's internal hard drive regularly. You can choose your preferred backup method: an inexpensive external hard disk drive; a USB storage device such as a memory stick or thumb drive; or an online cloud service like Dropbox, Google Drive, iCloud or OneDrive. Consider using a physical backup you can store in your house and a cloud service. Backups protect your files from all sorts of problems in addition to ransomware attacks, including computer virus infections, fires, floods, power surges or theft.

“While the cloud is great, be sure to back up files to something you can unplug, such as a 64-gigabyte USB stick, which you can buy for $8,” says Grobman. “Cybercriminals are very smart, but they can't violate the laws of physics and get into your drawer and get files off a USB stick or drive.”

AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free Watchdog Alerts, review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.


Marc Saltzman is a contributing writer who covers personal technology. His work also appears in USA Today and other national publications. He hosts the podcast series Tech It Out and is the author of several books, including Apple Watch for Dummies and Siri for Dummies.
