Skip to main content


Ransomware is a form of malicious software, or malware, that encrypts a victim’s files, preventing access. The Ransomware attacker then demands a ransom from the victim to restore access to the data upon payment. Attackers will threaten to publish the victim’s data, data about third parties, or perpetually block access to the data unless a ransom is paid. Ransom is generally demanded to be paid in a difficult-to-trace digital currency, such as Bitcoin or other cryptocurrencies.

Ransomware attacks typically use a Trojan disguised as a legitimate file to trick the user into opening or downloading, often as an email attachment, an embedded link in a phishing email, or a vulnerability in a network service.

Ransomware is an ongoing threat, with small- and medium-sized businesses, state and local governments, colleges and universities, hospitals and healthcare providers, and critical infrastructure entities all targets of these malicious actors.

Some simple tips for avoiding becoming the victim of Ransomware include:

  • Do not open attachments or click on a URL link in unsolicited emails, even if from someone in your contact list.
  • Implement a training program that includes guidance on how to identify and report suspicious activity or incidents.
  • Keep operating systems, software, and applications up to date.
  • Use multi-factor authentication (MFA) where available.
  • Use a pop-up blocker.
  • Only download software from sites you know and trust.
  • Ensure that antivirus and anti-malware solutions automatically update and run regular scans.
  • Back up data regularly and secure the backup offline from that network or computer(s).
  • Create a continuity plan in case your business or organization is the victim of a ransomware attack.

For additional Ransomware resources: