What is ransomware?

Ransomware is a type of malicious software (malware) that can lock your computer screen and prevent you from accessing your files by encrypting them. Normally, the hacker who sent the ransomware will demand that you pay a fee (ransom) to regain access to your PC and files.

In a typical ransomware incident, you will receive an email containing a legitimate‑looking file attachment or link to a URL. Opening the file or clicking the link will enable malware to automatically install itself onto your computer. The malware then searches for, and encrypts, your files and folders on local, network, and attached drives, and also puts your other networked devices at risk.

Once the hacker has locked or encrypted your files, you may receive a message that looks similar to the following image:

IMPORTANT: Never pay the ransom! Paying the fee or performing the action demanded by the ransomware does not guarantee that you will recover your files or folders.

ctb-locker_2

What do I do if my computer is infected?

Immediately remove the network cable from your computer and shut down your machine. The quickest way to shut down your computer is to hold down the power button.

Submit an Emergency Case Log.

How does ransomware get on my computer?

Spam emails

Malware authors will often try to trick you into downloading malicious files. They disguise their files as email attachments with messages notifying you of a delivery receipt, tax refund, or ticket invoice. The messages might ask you to open the attachment to get the items delivered or receive the money. If you do open the attachments, however, you will end up installing malware on your PC.

Sometimes malicious emails will be easy to spot: they could contain poor spelling and grammar or come from email addresses you have never seen before. These emails, however, also can look like they come from a legitimate business or someone you know. Be careful—some malware can hack your email accounts and send malicious messages to all of your contacts.

Sense of urgency

If a message creates a strong sense of urgency, is confusing, or seems too good to be true, it could be an attack. Be suspicious—common sense is often your best defense.

Malicious websites

Ransomware can download automatically if you click on a malicious website or a website that has been hacked. Be aware—just browsing a corrupted website is enough to transfer malicious code to your computer.

What can you do to avoid being a ransomware victim?

  • Refrain from opening attachments that look suspicious. This not only applies to messages from unfamiliar senders, but also to messages from senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e‑commerce resource, a law enforcement agency, or a banking institution.
  • Do not open emails or attachments if you are not sure who sent them or something does not look quite right.
  • Watch out for emails asking you to update your details—do not click on the links in these emails.
  • Do not open email attachments that you were not expecting or those sent by someone you do not know.
  • Avoid downloading free software. Software downloads can contain infected files and viruses that can automatically install onto your computer along with the free software.
  • Think twice before clicking. Emails from people you trust, including your friends or colleagues, can contain dangerous hyperlinks. Cybercriminals can compromise other’s accounts and deploy malicious links to as many people as possible.

← Back to Help Resources