Computer Ransomware



The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern.  Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.

Computer Ransomware - Holding Your Files Hostage

If you lost all the files and pictures on your computer, how much would you pay to get them back? Some criminals think people will pay several hundred dollars. It turns out that these criminals may be right, and they are using this knowledge to cash in on consumers. According to some estimates, criminals using a new type of computer malware called “CryptoLocker” have made over $20 million in just a few months. “CryptoDefense,” a copycat competitor to CryptoLocker, charges up to $500 to decrypt the files it invades and locks. If its four-day deadline passes, the amount goes up to $1,000. After a month, the keys are destroyed. If your computer is connected to the internet, there are a number of steps you should take to avoid or minimize the damage of falling victim to CryptoLocker, CryptoDefense, CryptoWall or other types of Ransomware.

What is Ransomware?

As the name suggests, Ransomware is a type of malware that holds a computer’s files hostage until a “ransom” is paid. Once installed on a computer, it begins “encrypting” or locking files including documents, pictures, videos, MS Office files and PDFs. Ransomware can also affect files stored on shared network drives, USB drives, external hard drives, and even cloud storage drives in some cases. The malware then displays a message demanding payment within a set period of time, or the “key” to decrypt the files will be destroyed and the files will be lost forever.

These Ransomware criminals demand payment of the ransom by Bitcoin or MoneyPak, two essentially untraceable payment methods. Once payment is confirmed, the program promises to decrypt the encrypted files. However, some victims have reported that their files were not decrypted even after paying the ransom.

CryptoLocker is most commonly spread through fraudulent emails with malicious links or attachments. Many victims have reported that the fraudulent emails appeared to be from FedEx or UPS and had tracking notices attached. CryptoDefense usually spreads by pretending to be Flash updates or video players required to view an online video. It can also arrive as an email with a zip file directing the recipient to 'open the document' that was supposed to have been 'scanned and sent to you.'

What should you do?

Whether you are using your home computer or a network computer where you work, there are a number of actions you can take to protect yourself against Ransomware.

  1. Backup, Backup, Backup. Regularly back up your files and keep these backups in an offline location that is not connected to the internet.
  2. Careful What You Click. Be careful about the email attachments you open and the links you click. As a rule, you should never open an unsolicited email from a source you do not recognize.
  3. Anti-Virus Software. Keep your anti-virus software up-to-date.
  4. Software Updates. Keep your operating system and other software up-to-date with the newest patches.

If you believe your computer is infected with Ransomware, some steps may minimize the damage.

  1. Disconnect From The Internet ASAP. Disconnecting from the internet may prevent the malware from encrypting some files.
  2. Contact A Computer Professional. A professional can help remove the malware, but will likely be unable to retrieve your encrypted files.
  3. Change Passwords. Change your passwords once the computer is disconnected from the internet, and again when the computer is cleared of the malware.

If you become a victim of Ransomware, think long and hard before paying the ransom. First, the FBI directs those infected with Ransomware to not pay as this will likely lead to more scams. As more people pay the ransom, the incentives for criminals to keep spreading this malicious program increase. Second, there is no guarantee that once you pay, the criminals behind Ransomware will actually decrypt your files. Third, some firms have recovered a portion of the private decryption keys and are currently offering these keys to consumers for free. Nevertheless, if you routinely back up your files, the number of files you lose should be minimal.

In addition, victims should contact the local police and report the matter.  You should also file a complaint with the FBI’s Internet Crime Complaint Center and with the Department of Attorney General’s Consumer Protection Division.

The U.S. Computer Emergency Readiness Team issued alerts with additional information about CryptoLocker and Ransomware generally.  For more information about fraudulent emails generally, please see the Attorney General’s consumer alert “Fraudulent E-mail Thieves Intend to Steal Your Personal Information.” 

Contact the Attorney General's Consumer Protection Division

Consumers may contact the Attorney General's Consumer Protection Division at:

Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909
Fax: 517-241-3771
Toll free: 877-765-8388
Online complaint form