Skip to main content

What to do if you're held to ransom

Icon of a book with an information symbol on it

A guide to remove ransomware, recover your files and protect yourself against future attacks.

Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so that you can no longer access them.

A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files, or to prevent data and intellectual property from being leaked or sold online.

This guide has simple steps to follow if you are a victim of ransomware. The first section will show you how to respond if one of your devices is infected with ransomware. The second section will help you to recover your files and restore your devices.

Not all ransomware attacks are the same so some of the steps in this guide may not apply to your situation. Use the actions that best suit your case.

Never pay a ransom

There is no guarantee you will regain access to your information, nor prevent it from being sold or leaked online. You may also be targeted by another attack.

Call the Australian Cyber Security Centre 24/7 Hotline on 1300 CYBER1 (1300 292 371) if you need cyber security assistance.

Respond to a ransomware attack

Start here if you are experiencing a ransomware attack.

Work through the steps below as quickly as you can. Acting quickly could stop the ransomware from spreading.

Recover from a ransomware attack

Now that you’ve responded to a ransomware attack, it’s time to recover your information, restore your infected devices and report the incident.

Note: At the end of this guide, you will be given guidance on reporting the incident. In some cases you may need to make reports urgently, for example, to meet obligations to your customers or your insurance company. Consider if you have any urgent reporting requirements before you begin the next step. 

Prevent future attacks

Was this information helpful?
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it