Protect your PC from ransomware

Applies to: SecurityWindows 7Windows 8.1 More

Ransomware is computer malware that restricts access—or even stops you from using your PC—or encrypts your files. It then tries to force you into paying money (a ransom) to regain access to them.

Some of the ways you can get infected by ransomware include:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments that you weren’t expecting or from people you don’t know.
  • Opening malicious or bad links in emails, Facebook, Twitter, and other social media posts, or in instant messenger chats, like Skype.

You can often recognize a fake email and webpage because they have bad spelling, or just look unusual. Look out for strange spellings of company names (like "PayePal" instead of "PayPal") or unusual spaces, symbols, or punctuation (like "iTunesCustomer Service" instead of "iTunes Customer Service").

Ransomware can target any PC—whether it’s a home computer, PCs on an enterprise network, or servers used by a government agency.

How can I help keep my PC secure?


Whether you’ve just bought a new PC or you’re using the same one you’ve had, there are some things you can try to keep it more secure:

If you suspect you’ve been infected


Use antimalware programs, such as Windows Security, whenever you’re concerned your PC might be infected—for example, if you hear about a new malware in the news or you notice odd behavior on your PC. Learn more about Windows Security.

If you actually get a ransomware infection


Unfortunately, a ransomware infection doesn’t show itself until you see some type of notification, either in a window, an app, or a full-screen message, demanding money to regain access to your PC or files. These messages often display after encrypting your files.

Try fully cleaning your PC with Windows Security. You should do this before you try to recover your files. Also see Backup and Restore in Windows 10 for help on backing up and recovering files for your version of Windows.

Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your PC or files.

What to do if you already paid


If you’ve already paid the ransom, immediately contact your bank and your local authorities. If you paid with a credit card, your bank may be able to block the transaction and return your money.

You can also contact the following government fraud and scam reporting websites:

If your country or region isn't listed here, Microsoft recommends that you contact your country or region's federal police or communications authority.

For an illustrated overview about ransomware and what you can do to help protect yourself, see The 5Ws and 1H of ransomware. 

If you're in an enterprise, see the Microsoft Malware Protection Center for in-depth information about ransomware