Ransomware is malware that encrypts your files or stops you from using your computer until you pay money (a ransom) for them to be unlocked. If your computer is connected to a network the ransomware may also spread to other computers or storage devices on the network.
Some of the ways you can get infected by ransomware include:
Visiting unsafe, suspicious, or fake websites.
- Opening file attachments that you weren’t expecting or from people you don’t know.
- Opening malicious or bad links in emails, Facebook, Twitter, and other social media posts, or in instant messenger or SMS chats.
You can often recognize a fake email and webpage because they have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Ransomware can target any PC—whether it’s a home computer, PCs on an enterprise network, or servers used by a government agency.
Caution: Mobile devices can get ransomware too! Learn more
How can I help keep my PC secure?
- Make sure your PC is up to date with the latest version of Windows and all the latest patches. Learn more about Windows Update.
- Be sure Windows Security is turned on to help protect you from viruses and malware (or Windows Defender Security Center in previous versions of Windows 10).
- In Windows 10 or 11 turn on Controlled Folder Access to protect your important local folders from unauthorized programs like ransomware or other malware.
- Get ransomware detection and recovery with Microsoft 365 advanced protection.
- Back up your files with File History if it hasn’t already been turned on by your PC’s manufacturer. Learn more about File History.
- Store important files on Microsoft OneDrive. OneDrive includes built in ransomware detection and recovery as well as file versioning so you can restore a previous version of a file. And when you edit Microsoft Office files stored on OneDrive your work is automatically saved as you go.
- Use a secure, modern, browser such as Microsoft Edge.
- Restart your computer periodically; at least once a week. This can help ensure the applications and operating system are up-to-date and helps your system run better.
Note: If you’re a small business owner consider using Microsoft 365 Business Premium. It includes Microsoft Defender Advanced Threat Protection to help protect your business against online threats.
If you suspect you’ve been infected
Use antimalware programs, such as Windows Security, whenever you’re concerned your PC might be infected. For example, if you hear about new malware in the news or you notice odd behavior on your PC. See Virus & threat protection in Windows Security for how to scan your device.
If you actually get a ransomware infection
Unfortunately, a ransomware infection usually doesn’t show itself until you see some type of notification, either in a window, an app, or a full-screen message, demanding money to regain access to your PC or files. These messages often display after encrypting your files.
Try fully cleaning your PC with Windows Security. You should do this before you try to recover your files. Also see Backup and Restore in Windows for help on backing up and recovering files for your version of Windows.
Don’t pay money to recover your files. Even if you were to pay the ransom, there is no guarantee that you’ll regain access to your PC or files.
What to do if you already paid
If you’ve already paid the ransom, immediately contact your bank and your local authorities. If you paid with a credit card, your bank may be able to block the transaction and return your money.
You can also contact the following government fraud and scam reporting websites:
- In Australia, go to the SCAMwatch website.
- In Canada, go to the Canadian Anti-Fraud Centre.
- In France, go to the Agence nationale de la sécurité des systèmes d’information website.
- In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.
- In Ireland, go to the An Garda Síochána website.
- In New Zealand, go to the Consumer Affairs Scams website.
- In the United Kingdom, go to the Action Fraud website.
- In the United States, go to the On Guard Online website.
If your region isn’t listed here, Microsoft recommends that you contact your region’s federal police or communications authority.
For an illustrated overview about ransomware and what you can do to help protect yourself, see The 5Ws and 1H of ransomware.
If you’re in an enterprise, see the Microsoft Malware Protection Center for in-depth information about ransomware.