Ransomware is malware that prevents or limits users from accessing their files or devices until they pay a ransom. Ransoms can range from hundreds to thousands, even millions of dollars. 


Crypto Ransomware

Crypto ransomware locks access to data by encrypting certain file types on an infected device. This malware typically appears through spam email and asks the user to click a link, download a file or visit a specific website. Once the user has followed the malware’s instructions and opened the infected file, the malware will target and encrypt valuable files.

Locker Ransomware

Locker ransomware does not encrypt files but instead locks the user out of a device or system entirely. This malware also appears through phishing attacks and uses bullying tactics to force users to pay to regain access.


Scareware is fake software that claims it has detected a virus on your device and that you must pay to resolve the problem. Scareware might lock your computer or flood your screen with pop-up alerts.


Leakware attempts to make you panic by threatening to leak sensitive or damaging personal information about you if you do not pay the ransom. This attack sometimes claims to be sent from law enforcement and warns that you can avoid jail time by paying a fine.

Warning Signs


Locked Device

Ransomware will lock your web browser or desktop and prevent you from accessing your files. You may see a "ransom note" message on your screen or a .txt file saved on your device with instructions of how to pay to unlock your device.


New File Extensions

If you notice a new file extension appended to your filenames, they are likely locked by ransomware. Some common ransomware file extensions are .ecc, .xyz, .zzz, .encrypted, .locked and .crypto.



Always understand what you are downloading and installing 


Only download from websites you trust 


Do not click links or open attachments in emails pushing you to download or install a file 


Do not give unknown software administrative permission 


Keep your system up to date by setting automatic updates 


Run an antivirus software scan to check for malware that might be active in the background 


Keep your firewall always turned on 


Install a browser add-on to stop pop-ups 


Disable the AutoPlay feature on Windows 


Switch off any unused Bluetooth or wireless connections 


Back up sensitive information to a secure location, such as cloud storage or an external hard drive 


What to Do

If you have been targeted by ransomware at FSU:

If you have been targeted by ransomware at home:

  • Never pay the ransom; it is best not to negotiate with cybercriminals, and caving in and paying encourages this type of crime 
  • If you catch the ransomware in action, shut off your computer and disconnect from the internet to stop the ransomware from spreading to other devices 
  • Use your security software to scan and clean malware from your computer 
  • Use a ransomware decryption application to decrypt your files and access them again 
  • Restore a clean backup of all your files from your backup storage


Understanding Ransomware

Quick video explaining what ransomware is and how it works


Ransomware Response Checklist

11 steps for cybersecurity professionals to follow to develop a ransomware incident response plan