Report a
ransomware attack.

Ransomware is malicious software that encrypts your files or locks your computer, then demands payment (usually in cryptocurrency) for the decryption key. The FBI received 2,825 ransomware complaints in 2023 with reported losses exceeding $59 million in ransom payments alone. But the true cost — including business downtime, data loss, IT recovery, and reputational damage — is estimated at over $20 billion annually in the United States.

Most ransomware infections begin with a phishing email containing a malicious attachment or link. An employee clicks a document that appears to be an invoice or shipping notification, and the ransomware silently encrypts files across the network. Within hours, a ransom note appears demanding cryptocurrency payment. Modern ransomware gangs also practice "double extortion" — stealing data before encrypting it and threatening to publish it if the ransom isn't paid.

Should you pay the ransom?

The FBI recommends against paying ransoms because payment funds criminal operations and doesn't guarantee you'll get your data back. Studies show that only about 65% of victims who pay actually receive a working decryption key, and 80% of those who pay are attacked again. However, the decision is complex for businesses facing existential data loss. Before paying, check No More Ransom — a coalition of cybersecurity companies that has developed free decryption tools for many ransomware variants.

Immediate steps after a ransomware attack

1. Disconnect from the network — unplug ethernet and disable WiFi to prevent spread. 2. Don't turn off the computer — some ransomware variants store keys in RAM. 3. Take a photo of the ransom noteincluding any wallet addresses. 4. Report to FBI IC3 and CISA (cisa.gov/stopransomware). 5. Contact a cybersecurity professional before attempting any recovery. 6. Check No More Ransom for free decryption tools. Backup your data regularly and keep backups offline — it's the single best defense against ransomware.