https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

Ransomware

What is ransomware?

Ransomware stops you from using your PC. It holds your PC or files for ransom.

Some versions of ransomware are called "FBI Moneypak" or the "FBI virus" because they use the FBI's logos.

What does it look like and how does it work?

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

They can:

• Prevent you from accessing Windows.

• Encrypt files so you can't use them.

• Stop certain apps from running (like your web browser).

They will demand that you do something to get access to your PC or files. We have seen them:

• Demand you pay money.

• Make you complete surveys.

Often the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.

These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.

There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

How do I protect myself against ransomware?

You should:

• Install and use an up-to-date antivirus solution (such as Microsoft Security Essentials).

• Make sure your software is up-to-date.

• Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.

• Ensure you have smart screen (in Internet Explorer) turned on.

• Have a pop-up blocker running in your web browser.

• Regularly backup your important files.

You can backup your files with a cloud storage service that keeps a history or archive of your files, such as OneDrive which is now fully integrated into Windows 8.1 and Microsoft Office.

After you've removed the ransomware infection from your computer, you can restore previous, unencrypted versions of your Office files using "version history".

See the question "How do I get my files back?" above for more help on how to use this feature in OneDrive.

For more tips on preventing malware infections, including ransomware infections, see:

• Help prevent malware infection on your PC.

How do I remove ransomware from my PC?

 You should:

• Install and use an up-to-date antivirus solution (such as Microsoft Security Essentials).

• Make sure your software is up-to-date.

• Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.

• Ensure you have smart screen (in Internet Explorer) turned on.

• Have a pop-up blocker running in your web browser.

• Regularly backup your important files.

You can backup your files with a cloud storage service that keeps a history or archive of your files, such as OneDrive which is now fully integrated into Windows 8.1 and Microsoft Office.

After you've removed the ransomware infection from your computer, you can restore previous, unencrypted versions of your Office files using "version history".

See the question "How do I get my files back?" above for more help on how to use this feature in OneDrive.

For more tips on preventing malware infections, including ransomware infections, see:

• Help prevent malware infection on your PC.

Top ransomware

•  Ransom:HTML/Crowti.A

• Ransom:Win32/Crowti
• Ransom:HTML/Tescrypt.A
• Ransom:Win32/Crowti.A
• Ransom:Win32/Nymaim
• Ransom:Win32/Nymaim.F
• Ransom:Win32/Tescrypt.A
• Ransom:Win32/Troldesh.A
• Ransom:Win32/Reveton.V
• Ransom:Win32/Reveton

I want to...

• Get help

  Remove difficult malware

  Avoid tech support phone scams

  See and search the latest threats

  Find answers to other problems

• Fix my software

• Download and update

• Submit a file