Ransomware

What is ransomware?

Ransomware is a type of malware that stops you from using your PC. It may then tell you that you have to pay money, complete surveys, or perform other actions to unlock and use your PC.

Some types of ransomware are also called "FBI Moneypak" or the "FBI virus". They often use the FBI or local police logos and ask you to pay a fine using the legitimate money transfer service Green Dot MoneyPak.

Most ransomware shows a notification that says your local authorities have detected illegal activity on your PC. They then demand you pay a "fine" (the ransom) to avoid prosecution and to get access to your files again.

We recommend that you do not pay the ransom. There is no guarantee that paying the ransom will return your PC to a usable state. The threat of prosecution does not come from a legitimate authority.

Examples of ransomware

  • Trojan:Win32/Trasbind.A

  • Trojan:Win32/Reveton.C

  • Trojan:Win32/Porchanspi.A

Frequently asked questions


No. These warnings are fake and have no association with legitimate authorities. The operators of ransomware use the tone, images and logos of legal institutions to give their scam an air of legitimacy.

We don’t recommend you pay. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.

You should contact your bank and your local authorities, such as the police. If you paid with a credit card, your bank may be able to block the transaction and return your money.

The following government-initiated fraud and scam reporting websites may also help:

If your country or region isn't listed here, we encourage you to contact your country's federal police or communications authority.

For general information on what to do if you have paid, see:

There are publicly available tools online that can check a computer's IP address. Getting IP addresses is a common behavior for malware - in the case of ransomware, it’s used as another scare tactic.

Ransomware, like other malware, can arrive in a variety of ways. However, in most instances it is automatically downloaded when you visit a malicious website or a website that's been hacked.

In some cases, you can recover or restore previous versions of your files. However, the following conditions must be in place:

  • System Restore Point must have been turned on before you were infected with the malware.

  • You must already have detected and removed the malware, and there can be no traces of it on your PC. You can use Windows Defender Offline, as described in the question below "How do I remove a ransomware infection from my PC?", to fully clean your PC.

  • Your files must be on the same PC you're using to recover them (that is, the files aren't on a network or removable drive).

OneDrive for Windows 8.1 also has a means of restoring previous versions of Microsoft documents. Similar to System Restore Point, you can look at the version history and recover files from a previous state:

  1. Right-click on a document and click Version history.

  2. You can then look at previous versions of the document, so you can go back to a version that hasn't been encrypted or changed by malware.

Despite its threatening nature, ransomware is still a type of malware. We recommend the same tips to help keep any malware out of your PC:

Some ransomware may leave your PC or files in an unusable state. We recommend you regularly back up your important files. You can do this with a cloud storage service such as OneDrive, which is now fully integrated into Windows 8.1 and Microsoft Office.

Microsoft doesn’t recommend you pay the fine. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see the question "What should I do if I've paid the scammers?" above.

The following might help you remove a ransomware infection from your PC.

Steps you can take once your PC has been cleaned

Make sure your PC is protected with antimalware software.

Microsoft has free security software that you can use:

If you don't want to use Windows Defender or Microsoft Security Essentials, you can download other security software from another company. Just make sure it is turned on all the time, fully updated, and provides real-time protection.