Recognize
Has your computer or account been “frozen” and held for ransom? Have you received a notice on your computer asking for money (usually bitcoin) in order to get access to your accounts or device back?
Ransomware is a type of harmful software cybercriminals use to block your access to systems or data. The cybercriminal holds your system or data hostage until the ransom is paid. The ransomware can spread to shared storage drives and other systems connected your to device or account. If a ransom is not paid, the system or encrypted data will continue to be blocked and could be deleted.
Be aware: Even after paying a ransom, the criminals may not return your data.
If you think that your computer or tablet has been infected by ransomware, we recommend that you act immediately by following our guidelines below, and then proceed to our Report, Recover and Reinforce sections for further assistance.
Some Immediate Action Steps to Take
- Disconnect your machine from WiFi or unplug from a network immediately.
- Disconnect any other machines or devices from your machine.
- Shut down your machine ONLY if the ransomware encryption is in progress!
- Isolate your backups immediately.
- Disable all shared drives that hold critical information.
- Contact an IT professional to ensure your computer is restored in a secure manner.
- Learn how to unlock ransomware.
* If you still believe you have problems after following these steps or don’t feel comfortable completing these steps, take your device to a professional.
Report
FBI Internet Crime Complaint Center (IC3)
Reporting cybercrime incidents via the link above is very important! The more national reporting data that is collected, the better the chance law enforcement has to catch the criminals and decrease online crime. Although the FBI does not resolve individual complaints directly, they will make your report available to local, state and other law enforcement partners. FAQs about IC3 reporting can be found here. Please read the FBI/IC3 privacy policy here. (If you believe that you’ve received a phishing email, please forward the email directly to reportphishing@apwg.org.)
Recover
These resources have been gathered, selected, and vetted to help simplify the process of recovering after a cybercrime incident has taken place. You may need to contact organizations outside FightCybercrime.org. Results will vary depending on your circumstances.
Reinforce
Once you have notified the appropriate organizations and you are on the road to recovery, it is time to reinforce your cybersecurity, using these resources and tools.
- Federal Trade Commission: Ransomware re-do? Back up your files
- Improve Your Security: Find cybersecurity tools to enhance your online safety
- Easy E-Cleanup Checklist
- StaySafeOnline: Learn How to Experience a Safer Internet Experience
Implement Preventative Measures
- Run an antivirus check and reinstall your operating system if necessary.
- Clear your browser’s cache and cookies.
- Back up, Back up, Back up. To best prepare for a ransomware attack, have more than one clean back up of your data.
- More information on these general guidelines can be found on the Federal Bureau of Investigation: Understanding Ransomware Handbook.
- Download our Six Steps to Better Security PDF.
Community Resources
