Scam medium:

  • Email and text
  • Internet


  • Businesses
  • Individuals

What is ransomware

Ransomware typically involves criminals gaining access to a network or device and encrypting data to make either the system or data inaccessible to users. Cybercriminals demand the payment of ransom in order for victims to be able to decrypt their data or regain access to their networks.

Ransomware can impact a range of devices, from personal mobile devices through malicious applications to entire corporate networks. Ransomware infections can vary in their technical sophistication and level of compromise.

Below are some common types of ransomware:

Cybercriminals will also often attempt to extort victims by threatening to leak victim data online, and harass victim customers and employees to extort ransomware payments from victim organizations.

Most ransomware incidents start with an email phishing campaign. The email will contain an attachment which can be an executable file, an archive or an image or a link. Once the attachment is opened or the link is clicked, the malware is then released onto the user's system. The malware can remain dormant for many days or months before files or systems are encrypted or locked.

Other ways networks and devices can be affected are:

Warning signs and how to protect yourself

Why you should report ransomware to local police and the CAFC

In order for law enforcement to combat fraud and cybercrime, it is essential that those who experience, or fall victim, report it to their local police and the CAFC. Local police are positioned to respond to victims in their jurisdictions and the CAFC supports law enforcement by sharing information collected through these reports to the National Cybercrime Coordination Unit (NC3) and its partners. Learn more about why you should report cybercrime and fraud.

Note: The CAFC and the NC3 have a close working relationship given the strong and evolving links between fraud and cybercrime. The two programs provide distinct services to the law enforcement community to combat crimes related to these domains and will increasingly provide highly coordinated services when there is a connection between fraud and cybercrime activities.

Date modified: