Ransomware: what it is and how to stop it
By Andrew Laughlin
Ransomware is a nasty online threat that hijacks your computer and holds it to ransom. Learn more about the ransomware virus and how to prevent it.
Ransomware is a type of virus that holds your computer and the files on it to ransom, demanding payment for you to regain access.
A ransomware virus can lock up your system or encrypt the files on your PC, making them unusable unless you pay up for a key code. Cyber criminals are sneaky with their ransomware scams, sometimes even pretending to be the police. They may accuse you of downloading illegal material to trick or embarrass you into paying a fee.
In this guide, we’ll help you get savvy about what ransomware is, how to detect it and, if the worse happens, how to remove ransomware from your computer.
Read our reviews of the best antivirus software.
Previously, Ransomware was a largely obscure term used mostly by security experts. That was until the NHS (among other major organisations) was brought to its knees by the WannaCryptor, also known as WannaCry, ransomware attack in spring 2017.
This malicious code locked thousands of PCs across the world. The perpetrators demanded a fee be paid in hard-to-trace Bitcoins to regain access.
Sadly, ransomware attacks such as this are on the rise, and individual PCs and even Mac computers can be at risk of being targeted. However, there are simple and effective steps to ensure you avoid becoming a victim.
First and foremost, be very careful about any unsolicited message or email you receive. Even if it looks official, there's a chance it's a vessel for getting a virus onto your PC. Use our guide for expert tips on how to spot an email scam.
Likewise, be cautious about which software and apps you download. Make sure they're from a trusted source before going ahead.
Finally, always keep your PC operating system updated so you have the latest security protections, and download a Best Buy antivirus software package to boost your security.
If you see a message demanding a fee to regain access to your files or parts of your computer, don’t panic, and certainly don't pay the fee. You will just be putting money in the criminals’ pockets, and there's no guarantee they will honour the deal and release your files. Plus, you may just be exposing your bank details to the attackers.
Disconnect your computer from the internet, as the malware might be trying to send out your data to the attackers. If you can still use the computer (ie the ransomware has only locked your files) download MalwareBytes Anti-Malware Free and run a full scan of your PC. This should clean or isolate and remove the infection.
If your PC is locked (ie when you boot it up you're immediately confronted by the ransomware message), you’ll need to put the PC in 'safe mode' (find out how in our guide to restarting in safe mode). As long as you have regularly set system restore points on your PC, then from the Safe Mode boot screen you can revert to a state before your PC was infected.
For complete instructions on this, head over our step-by-step guide to dealing with ransomware from the Which? Computing Helpdesk experts.
Other help and support is available from the No More Ransom website. It was created by the Dutch police's National High Tech Crime Unit in collaboration with the Europol European Cybercrime Centre and antivirus companies, Kaspersky and McAfee to help people hit by ransomware.
It provides various tools, including a 'crypto sheriff' detection system for assessing the ransomware infection and also decryption tools for potentially retrieving lost files.
Although online attacks such as ransomware are constantly evolving, having up-to-date antivirus software on your PC can protect you from most threats.
Some antivirus programs offer extra protection, such as the Ransomware Shield in AVG Internet Security and Avast Internet Security.
You can also download Norton Power Eraser for free. This is a recovery tool that helps if your PC gets infected. If your infected PC is totally locked, you may need to use another computer to download the software to a USB stick and run it on the infected machine in safe mode.
If all this fails and you need more assistance, find a reputable computer repair company in your local area with Which? Trusted Traders.
Apple has for a long time proudly claimed that its Mac and MacBook computers are impervious to viruses. However, that claim is now coming under threat from cases of malware targeting the macOS operating system.
According to a McAfee security report, more than 700,000 individual cases of Mac malware were recorded in the first three months of 2017. That's almost as many as in the whole of the previous year, and includes instances of ransomware.
Macs are certainly not immune to viruses, but compared with PCs, it's still extremely unlikely your Mac will get infected. Most viruses are written for Windows PCs as there are a lot more of them in the world, including in major corporations.
Apple’s in-built features in macOS, such as XProtect and Gatekeeper, do a good job at fending off most online threats. However, you should still exercise caution when you download or install programs. And, you may want to get a top-quality free or paid-for Mac antivirus program to get some extra protection.
Find out more about Mac ransomware with our in-depth guide to Mac ransomware.