What is ransomware?

Lynn Wright / 07 April 2016

Ransomware holds your files hostage until you pay a ransom to unlock them. Here’s how to stop ransomware, get your files back, and keep your PC safe.



Ransomware is a malicious type of software – known as malware – that holds your PC to ransom by encrypting your files and demanding money to unlock them. 

It’s also known as the FBI Virus or FBI Moneypak as it often shows the FBI logo in the ransom message.

Seven common password mistakes... and how to avoid them

What does ransomware do?

There are lots of different types of ransomware but they all do the same thing: prevent you from using your PC or accessing your files without paying the criminals behind the ransomware.

Ransomware is designed to scare victims. Often, ransomware will display a message that claims you’ve committed a crime, such as visiting an illegal website and threatens to report you to the police unless you hand over money. These claims are designed to frighten you into paying the criminals and stop you getting help to remove the ransomware.

Ransomware will display instructions on how to pay the ransom – usually around £100 – as well as a countdown clock that, once reached, will destroy the key needed to unlock your files.

Three best free antivirus software for your PC

How do I get ransomware?

Ransomware is often installed when visiting a malicious website, often via pop-up windows that appear when you load the webpage. 

It can hide inside files attached to emails, or inside files you download from the internet. 

Ransomware often pretends to be a legitimate file, such as a game that you want to play, especially if you’re not downloading the file from its official website.

10 tips for using public wi-fi safely

What should I do if I get ransomware?

Don’t pay. There’s no guarantee that your files will be unlocked and you could expose yourself to more demands from the criminals. Paying makes you a target for more malicious software attacks.

How do I remove ransomware and get my files back?

First, run Windows Defender Offline. You can download this from Microsoft using a different uninfected PC onto a USB drive or copy it to a DVD, then restart your infected PC using the Windows Defender Offline media. Scan and remove the ransomware. 

You can also try tools, such as Trend Micro Anti-Ransomware, that can remove ransomware.

You won’t be able to unencrypt your files. If you use Windows’ File History, you can restore backed-up files from an external hard drive, once the ransomware and encrypted files are removed.

10 sure-fire signs your computer has a virus

How do I stop ransomware?

Ensure you have up-to-date security software and keep Windows up-to-date. 

Use Smart Screen in Internet Explorer to stop ransomware being installed via a malicious website. 

Don’t open email attachments or download files from people or sites you’re not familiar with.

Regularly back-up your PC to an external hard drive too, and also copy files to cloud storage services, such as Microsoft OneDrive or Google Drive. These files will be safe from any ransomware infection.

For more tips and useful information, browse our technology articles

The opinions expressed are those of the author and are not held by Saga unless specifically stated.

The material is for general information only and does not constitute investment, tax, legal, medical or other form of advice. You should not rely on this information to make (or refrain from making) any decisions. Always obtain independent, professional advice for your own particular situation.