Ransomware is a type of malicious software that locks your files or device until a ransom is paid—often in cryptocurrency.
If you’re hit by ransomware, acting quickly and carefully can help reduce damage and possibly avoid data loss.
What do I do if its ransomware?
Follow the steps below if you believe you are a victim of a ransomware attack.
Disconnect and isolate your device immediately
To prevent the ransomware from encrypting more files or spreading:
- Disconnect from the internet: Turn off your wi-fi, mobile data or remove the ethernet cable.
- Disconnect external drives: Remove USB drives, external hard drives, or mobile devices that are connected to prevent the ransomware from spreading.
Reset your credentials
Do NOT pay the ransom
There is absolutely no guarantee your files will be restored. DO NOT PAY!
Reinstall operating system software
Safely wipe the infected device and reinstall the operating system (OS).
Restore from backup
Before restoring your device from a backup, make sure it is completely free from malware or viruses. Only restore from a backup when you are confident that backup is secure and clean.
Reconnect device
Reconnect your device to download and install the latest software security updates.
Install antivirus or antimalware software
Download, install and update your antivirus software.
Monitor activity
Scan and monitor your device for any suspicious activity.