Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.
You can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that's embedded with malware.
Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.
Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments.
The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on.
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organization is the victim of a ransomware attack.
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
If you are a victim of ransomware:
02.04.2021 Ransomware: What It Is & What To Do About It (pdf)
This fact sheet provides the public with important information on the current ransomware threat and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.
10.02.2019 High Impact Ransomware Attacks Threaten U.S. Businesses and Organizations
Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.
Related FBI News and Multimedia
FBI Deputy Director Paul M. Abbate delivered remarks during a press conference in Washington, D.C., with Department of Justice officials announcing the seizure of ransom proceeds from the group DarkSide following the Colonial Pipeline network compromise.
The Department of Justice seized funds allegedly representing the proceeds of a ransom payment to individuals in a group known as DarkSide, which targeted Colonial Pipeline and resulted in critical infrastructure being taken out of operation.
With the recent rapid increase in ransomware attacks against private sector companies, the FBI has made these investigations a top priority. If you believe you have been a victim of a cybercrime, contact your local FBI field office.
The FBI Phoenix Field Office is warning the public about ransomware attacks in this month’s Tech Tuesday.
The NCIJTF's ransomware fact sheet provides the public with important information on the current ransomware threat and the government’s response.
The Department of Justice announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.
Joshua Polloso Epifaniou, a Cypriot national, has pleaded guilty to accessing multiple major websites based in the United States without authorization.
Egor Igorevich Kriuchkov, a Russian national, made his initial appearance in federal court for his role in a conspiracy to extort ransom money from a company.
Mayur Rele was indicted for committing computer fraud and abuse by causing ransomware to be intentionally downloaded to computer systems, and other acts.
The FBI’s Protected Voices initiative provides cybersecurity recommendations to political campaigns on multiple topics, including ransomware, to help mitigate the risk of cyber influence operations targeting U.S. elections.