Ransomware is a type of malware that stops you from using your computer until you pay a certain amount of money (the ransom). There are two types of ransomware:
Lockscreen ransomware - which uses a full-screen image or webpage to stop you from accessing anything on your computer.
Encryption ransomware - which locks your files with a password, stopping you from opening them.
Most ransomware shows a notification that says your local authorities have detected illegal activity on your computer. They then demand you pay a "fine" to avoid prosecution and to get access to your files again.
Note: You shouldn’t pay the “fine”. Paying the ransom won’t necessarily return your computer to a usable state. The threat of prosecution does not come from a legitimate authority.
There is more information about removing a ransomware infection below.
No. These warnings are fake and have no association with legitimate authorities. The operators of ransomware use the tone, images and logos of legal institutions to give their scam an air of legitimacy.
No. Do not pay, regardless of how legitimate or threatening the claims look. You will only end up giving money to criminals, who have no intention of giving you back access to your computer or files.
In all cases, you should contact your bank and your local authorities. If you paid with a credit card, your bank may be able to block the transaction and return your money.
The following government-initiated fraud and scam reporting websites may also help:
In Australia, go to the SCAMwatch website
In Canada, go to the Canadian Anti-Fraud Centre
In France, go to the Agence nationale de la sécurité des systèmes d'information website
In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website
In Ireland, go to the An Garda Síochána website
In New Zealand, go to the Consumer Affairs Scams website
In the United Kingdom, go to the Action Fraud website
In the United States, go to the On Guard Online website
If your country or region isn't listed here, we encourage you to contact your country's federal police or communications authority.
There are publicly available tools online that can check a computer's IP address. Getting IP addresses is a common behavior for malware - in the case of ransomware, it’s used as another scare tactic.
Ransomware, like other malware, can arrive in a variety of ways. However, in most instances it is automatically downloaded when you visit a malicious website or a website that's been compromised.
Do not pay the fine. Ransomware variants behave differently and have to be removed in different ways. There is more help on removing an infection below.
Despite its threatening nature, ransomware is still a type of malware. We recommend the same tips to help keep any malware out of your computer:
Install and use an up-to-date antivirus solution (such as Microsoft Security Essentials)
Make sure your software is up-to-date (here's a short list of common software)
Don't click on links or open attachments from untrusted sources
Some ransomware may leave your computer or files in an unusable state. We recommend you regularly perform a backup of your important files. You can do this with a cloud storage service such as SkyDrive, which is now fully integrated into Windows 8 and Microsoft Office.
The following two methods might help you remove a ransomware infection from your computer.
Method 1: Use the Microsoft Safety Scanner
Before you begin, you will need to have access to a computer that is not infected and is connected to the Internet so that you can download a copy of the Microsoft Safety Scanner.
Try to restart your computer in safe mode. Here's how:
In Windows 8
In Windows 7
In Windows Vista
In Windows XP
If you can’t restart your computer in safe mode, run the Microsoft Safety Scanner and restart your computer afterwards.
If this resolves your ransomware infection, there are a few steps you should take once your computer has been cleaned.
If this does not resolve your ransomware infection, follow Method 2.
Method 2: Use Windows Defender Offline
If you’ve tried the Microsoft Safety Scanner, and tried uninstalling and then reinstalling your antimalware software, and you’re still having an issue, we recommend you download and run Windows Defender Offline.
Windows Defender Offline is a standalone tool with the latest antimalware updates from Microsoft.
It’s not a replacement for a full antivirus or antimalware solution that provides ongoing protection. It’s meant to be used when you can’t start or scan your computer because a malware infection is stopping your antimalware software from working.
Before you begin you will need:
A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of Windows Defender Offline
A blank CD, DVD or USB flash drive - use this to run the tool on your infected computer
Follow these steps to use Windows Defender Offline:
Use an uninfected computer to download a copy of the tool from here: Windows Defender Offline
Make sure you download the right version for your infected computer. For example, your desktop computer has been infected with malware, and it is running a 64-bit version of Windows. Your friend's laptop is not infected, so you use that to download Windows Defender Offline. Even though your friend's laptop is running a 32-bit version of Windows, you choose the 64-bit version of the tool when you download it, because that is the version that matches your infected computer.
Install the tool on a blank CD, DVD, or USB flash drive
Insert the CD, DVD, or USB flash drive into your infected computer and run the tool
Let the tool clean your computer and remove any infections it finds
After running the tool, make sure your antimalware software is up-to-date. You can update Microsoft security software by downloading the latest definitions.
For detailed instructions on using Windows Defender Offline, see the Microsoft Security Blog post Microsoft's Free Security Tools - Windows Defender Offline.
Steps you can take once your computer has been cleaned
If you’re running Windows 8, your PC comes with Windows Defender built in. Windows Defender helps guard your PC against viruses, spyware, and other malicious software in real time
If you’re running Windows 7 or Windows Vista, install security software, such as Microsoft Security Essentials or other security software that provides a complete, real-time antimalware solution
Keep your antimalware software up-to-date by making sure you have the latest definitions