Do you have difficulty accessing files on your computer, and you have a message demanding payment to make these files accessible again?

You may be the victim of ransomware.

What is ransomware?

Ransomware is software that infects your machine, encrypts your files so that you can no longer access them, and then demands payment to grant you access to these files. Infecting machines with ransomware is illegal.

How can I get ransomware?

Typically, ransomware is spread in two ways: an exploit is used to get access to the computer, or a user installs unintended software (typically through a phishing attack). When this software is executed, it encrypts all user files it can find and searches for other vulnerable machines on the network.

There are several things you can do to reduce your chances of getting malware. Make sure your computer's security patches are up to date. Don’t download files that are likely to contain viruses (eg: torrents, random email attachments), and always use virus protection. Use a separate non-admin account for daily use. You should make periodic offline backups to have a copy of your files should they be encrypted.

What can I do?

Unfortunately, there is little you can do if your computer is compromised. If the attacker is skilled, it will be nearly impossible for you to recover these files.

Start with a search for the specific type of ransomware your system was compromised with. For example, WannaCry was a large ransomware attack in Spring 2017. There may be a known weakness in the encryption or attack method that can be exploited to recover the files.

We highly discourage you from paying the ransom fee. Paying these fees encourage people to infect more computers with similar attacks in the future. Furthermore, there is no guarantee that the attacker will decrypt the files as they promise. They could take your payment and disappear.

If you find it too difficult decrypt the files, you need to re-install your operating system and start over. Even if you find a way to decrypt the files, you should still re-install. The attacker could have manipulated your computer in another way, such as installing a keylogger. Here are guides for Windows 10, MacOS Sierra, and Ubuntu.

Didn't find what you were looking for?

It is possible that you are having a different issue than ransomware. Try unwanted system mining or unwanted in-browser mining. If you still haven’t found what you need, The Monero Malware Response Workgroup is here to help you get your computer back to normal. If you would like assistance, please visit #monero-mrw. We hope to include a simpler in-browser support system in the future.