Ransomware can be used to infect your computer.
Visit unsafe, suspicious or fake websites
You may open file attachments you didn’t expect or that were sent by people you don’t know.
Infecting other people’s email accounts, Facebook, Twitter, and instant messenger chats with bad or malicious links.
- Fake email addresses and websites are easy to recognize. Be aware of unusual spellings in company names, such as “PayPal” instead of “PayPal”, or unusual symbols, punctuation, or spaces (such “iTunes customer Service”, instead of “iTunes Customer Service”)
- Ransomware can attack any computer, whether it is a home computer or a PC on an enterprise network.
- Caution: Mobile devices can get ransomware too! Read more
What can I do to help my computer stay safe?
Check that your computer is running the most recent version of Windows. Find out more about Windows Update.
Make sure Windows Security has been turned on to protect you against viruses and malware (or Windows Defender Security Center if you have Windows 10 earlier versions).
To protect your files and folders from malware, such as ransomware, turn on Controlled File Access in Windows 10 or 11.
With Microsoft 365 advanced security, you can get ransomware detection and recovery.
If File History has not been turned on by the manufacturer of your computer, you can back up your files using File History. Find out more about File History.
Microsoft OneDrive allows you to store important files. OneDrive has built-in ransomware detection, recovery and file versioning. This allows you to restore a previous version of files. OneDrive also allows you to edit Microsoft Office files. Your work is automatically saved when you move.
Use a modern and secure browser like Microsoft Edge.
Your computer should be restarted at least once per week. This will ensure that your operating system and applications are current and help your computer run more efficiently.
Note If you are a small business owner, consider Microsoft 365 Business Premium. This includes Microsoft Defender Advanced Threat Protection to protect your business from online threats.
Find out more about Microsoft 365 Business Premium Security
If you suspect that you have been infected,
Antimalware programs such as Windows Security are recommended whenever your computer is infected. If you see new malware in the media or notice unusual behavior on your computer, you can use Windows Security to scan it. For more information on how to scan your device, see Virus and threat protection in Windows Security.
If you do get ransomware,
Ransomware infections are usually not visible until you see a notification. This could be in the form of an app or a window. After encrypting your files, these messages are often displayed.
You can clean your computer completely with Windows Security. This is a must before you attempt to recover files. For help in backing up or recovering files from your Windows version, see Backup & Restore in Windows.
Do not pay ransom to retrieve your files. You can’t guarantee you will get access to your files or PC if you pay ransom.
What to do if your payment is already made
Contact your bank immediately if you have already paid the ransom. Your bank might be able block transactions made with credit cards and refund your money.
The following websites can be contacted for information about government fraud and scams:
For Australia, visit the SCAMwatch site.
Go to the Canadian Anti-Fraud Centre in Canada.
In France, go to the Agence nationale de la securite des systemes d’information website.
Go to the Bundesamt für Sicherheit in der Informationstechnik site in Germany.
For Ireland, visit the An Garda Siochana site.
New Zealanders can visit the Consumer Affairs Scams webpage.
The Action Fraud website is available in the United Kingdom.
The On Guard Online Website is available in the United States.
Microsoft recommends that your region be contacted by the federal police of communications authority in your area if it isn’t already.
For a visual overview of ransomware and how you can protect yourself from it, see The 5Ws & 1H of ransomware.