
Ransomware: what it is and how to stop it

Ransomware is a nasty online threat that hijacks your computer and holds it to ransom. Learn more about the ransomware virus and how to prevent it.
Andrew Laughlin, Principal researcher & writer

Ransomware is a type of virus that holds your computer and the files on it to ransom, demanding payment for you to regain access.

Sadly, ransomware attacks are on the rise, and individual PCs and even Macs can be at risk of being targeted.

In this guide, we’ll help you get savvy about what ransomware is, how to detect it and, if the worst happens, how to remove ransomware from your computer.




What is ransomware?

A ransomware virus can lock up your system or encrypt the files on your PC, making them unusable unless you pay up for a key code. Cyber criminals are sneaky with their ransomware scams, sometimes even pretending to be the police. They may accuse you of downloading illegal material or adult content to trick or embarrass you into paying a fee. 

There are four simple and effective steps you can follow to protect yourself.

  1. Be very careful about any unsolicited messages or emails you receive. Don't download attachments you've not been expecting or click links that are trying to persuade you to give away personal details. You can always contact a company directly if you want to check if a message is genuine
  2. Only download software and apps from a trusted source, such as the Microsoft Store, and other reputable software manufacturers. Mac users can use the App Store app in their Dock
  3. Always keep your PC operating system updated so you have the latest security protections. Macs do so by default, as does Windows 10/11. To check your settings if you've been putting off an update, click Start, Settings, Windows Update (Update & Security in Windows 10) and click the Check for updates button
  4. Stay on top of the latest scams - sign up to our free Scam Alerts service.

Extra protection against ransomware 

Windows 10 and 11 allow you to turn on a setting that protects folders from unauthorised programs such as ransomware. To turn it on, open the Windows Security app (select the shield icon from your Taskbar - if you can't see it, click Show hidden icons, which looks like ^). Scroll down, select Ransomware protection and click Controlled folder access to turn it on.

Apple claims Mac is protected by built-in antivirus software which blocks and removes threats.

For the greatest peace of mind, consider downloading top-notch antivirus software to further boost your security. We know you won't need to pay a penny as our lab tests have identified the best free programs, as well as quality paid-for software.

See the best antivirus software and the best antivirus software for Apple Macs.

How to remove ransomware

If you see a message demanding a fee to regain access to your files or parts of your computer, don’t panic, and certainly don't pay the fee. You will just be putting money in the criminals’ pockets, and there's no guarantee they will honour the deal and release your files. Plus, you will be revealing your bank details to the attackers.

Disconnect your computer from the internet, as the malware might be trying to send out your data to the attackers. To do this in Windows, right-click the wi-fi symbol on your Windows taskbar (at the bottom of your screen). Select Open Network & Internet Settings. In the left-hand column, click Wi-Fi and, in the next window, select the Wi-Fi toggle to switch it off. If it's directly plugged in to your router, just unplug it.

If your PC is locked (meaning that when you boot it up you're immediately confronted by the ransomware message), you’ll need to put it in safe mode. To do this, complete the following steps:

  • From the sign-in screen, press and hold your keyboard's shift button while you click on Power and then Restart 
  • After your PC has restarted you should now see a blue screen titled 'Choose an option'. Click Troubleshoot, click Advanced options, click Startup Settings and Restart 
  • After your PC restarts again, you should see a list of options - select option 4 and this will enable safe mode.

As long as you have regularly set system restore points on your PC, then from the Safe Mode boot screen you can revert to a state before your PC was infected. 




How to set up a restore point

Type 'create a restore point' into the search panel next to the Start button on your PC. Click Create a restore point and a pop-up box will appear, click Create. Name your restore point (we find it useful to simply use this month and year) and click Create. Once finished, your PC will confirm and you can click 'Close' and 'OK'.
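The Controlled folder access setting and the restore point described above can also be switched on and checked from an administrator Windows PowerShell window. This is an added example, not part of the original guide; it assumes Microsoft Defender is your active antivirus and that you are using Windows PowerShell 5.1.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide). Run in Windows PowerShell 5.1:
# the restore-point cmdlets used below are not available in PowerShell 7.

# --- 1. Controlled folder access (Microsoft Defender) ---
# Common EnableControlledFolderAccess values: 0 = off, 1 = on (block), 2 = audit only.
try {
    $state = (Get-MpPreference -ErrorAction Stop).EnableControlledFolderAccess
    if ($state -ne 1) {
        Set-MpPreference -EnableControlledFolderAccess Enabled -ErrorAction Stop
    }
    $pref = Get-MpPreference
    "Controlled folder access state: $($pref.EnableControlledFolderAccess)"
    # Folders protected in addition to the Windows defaults (Documents, Pictures, etc.)
    "Extra protected folders: $($pref.ControlledFolderAccessProtectedFolders -join '; ')"
    # Programs that have been allowed to write to protected folders; review this list.
    "Allowed apps: $($pref.ControlledFolderAccessAllowedApplications -join '; ')"
}
catch {
    # Assumption: this fails when another antivirus has replaced Microsoft Defender.
    Write-Warning "Could not read or change Defender settings: $($_.Exception.Message)"
}

# --- 2. Restore point named after the current month and year ---
$drive = "$env:SystemDrive\"
Enable-ComputerRestore -Drive $drive          # turns System Protection on if it was off

$before = Get-ComputerRestorePoint | Select-Object -Last 1
$name   = Get-Date -Format 'MMMM yyyy'
Checkpoint-Computer -Description $name -RestorePointType MODIFY_SETTINGS

$after = Get-ComputerRestorePoint | Select-Object -Last 1
if ($after -and (-not $before -or $after.SequenceNumber -gt $before.SequenceNumber)) {
    "Created restore point #$($after.SequenceNumber): $($after.Description)"
}
else {
    # Windows skips the request if a restore point was already made in the last 24 hours.
    Write-Warning "No new restore point was created; the latest one is still '$($before.Description)'."
}
```

If the script reports that no new restore point was created, the existing one from the last 24 hours is still available to roll back to.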

Other help and support is available from the No More Ransom website. It was created by the Dutch police's National High Tech Crime Unit in collaboration with the Europol European Cybercrime Centre and antivirus companies, Kaspersky and McAfee, to help people hit by ransomware. 

It provides various tools, including a 'crypto sheriff' detection system for assessing the ransomware infection and also decryption tools for potentially retrieving lost files. 


Will security software stop ransomware?

Although online attacks such as ransomware are constantly evolving, having up-to-date antivirus software on your PC can protect you from most threats. With a few exceptions, antivirus software offers excellent protection from ransomware. This is true regardless of whether it's a free or paid-for antivirus.

Some antivirus programs offer extra protection, such as the Ransomware Shield in AVG Internet Security and Avast Internet Security, or the safeguards for Time Machine backups (the Mac equivalent to Windows restore points) in Bitdefender Antivirus for Mac.

You can also download Norton Power Eraser for free. This is a recovery tool that helps if your PC gets infected. If your infected PC is totally locked, you may need to use another computer to download the software to a USB stick and run it on the infected machine in safe mode.  

If all this fails and you need more assistance, find a reputable computer repair company in your local area with Which? Trusted Traders.

Also consider joining Which? Tech Support. Our experts explain things clearly so that you can resolve issues and feel more confident using your devices. Our members get expert 1-2-1 support via the phone and email. We can even help via remote fix, where we connect securely to your home computer and resolve issues while you watch.

Can my Mac be hit by ransomware?

Macs are certainly not immune to viruses, but compared with PCs, it's still unlikely your Mac will get infected. Most viruses are written for Windows PCs as there are a lot more of them in the world, including in major corporations. However, cases of malware targeting the macOS operating system specifically have increased.

Apple’s built-in features in macOS, such as XProtect and Gatekeeper, do a good job of fending off most online threats. But you should still exercise caution when you download or install programs. You may want to get a top-quality free or paid-for Mac antivirus to get some extra protection.

