What is ransomware and how do I remove it?

Ransomware is a type of malware that prevents you from accessing files or displays a "lock screen" on your computer. It demands that you pay a ransom, in Bitcoin or other currency, in order to regain access to your files. Examples of ransomware include Locky, Scarab, Carote, Lilocked, Blower, Dharma, Coot, and CryptoMix.

Ransomware is often distributed as a trojan , which is malware disguised as a legitimate file. Common ways to receive ransomware include email attachments, Internet downloads , and network file transfers.

What does ransomware do to my computer?

Ransomware encrypts and often renames your files so you cannot open them. Once installed on your computer, the ransomware may display a lock screen with a message saying you must pay a ransom to regain access to your files. In some cases, it may be a fake message purporting to be from a government institution like the FBI or Department of Defense, stating you must pay a fine. It may also be a standard ransom note with instructions for how to pay the ransom.

Some ransomware only targets your files instead of locking your computer. This type of malware encrypts and renames your documents, such as .DOCX , .JPG , .MP4 files. It may replace the file extension with a ransomware extension, such as .LOCKED . Since the files are encrypted, you cannot simply change the file extension to open the files.

The ransomware may generate a plain text ( .TXT ) ransom note to inform you of the takeover and what you need to do to recover your files. The note may include the organization responsible for the takeover, the ransom amount demanded, and how to pay the fee to unlock your files. Ransom amounts range from less than $100 to several thousand dollars.

How do I remove ransomware?

If your computer is infected with ransomware, you have a few options:

Should I just pay the ransom?

FileInfo does not recommend paying a ransom for the following reasons:

How can I prevent ransomware?

The best way to handle ransomware is to prevent it from infecting your computer in the first place. Three key things to remember:

It is also helpful to install antivirus or Internet security software on your computer. A good Internet security program can detect and eliminate ransomware threats before they take over your computer. This is especially important if you use Windows, the platform most commonly targeted by ransomware.

And of course — always have a recent backup. You can easily set up and automate backups using Windows Backup and Restore or Apple Time Machine . The safest way to back up your computer is to have both a local backup (an external hard drive) and a remote backup (stored online). In some cases, ransomware may affect your local backup, so backing up your data to a cloud service is a smart idea.