Help! Ransomware Has Locked My Computer Screen

What to do when you're asked to pay up to get your computer back

Ransomware is on the rise, attacking computers with threats of lost data and demands for money. There are several types of ransomware, causing varying degrees of harm to data and computers. Some types of ransomware encrypt files, while others erase files or block access to a computer.

Screen-locking ransomware stops you from using the operating system's user interface, effectively locking you out of your computer. Here's a look at this type of malware and what to do if you find yourself confronted with this situation.

Ransomware most frequently targets the Windows operating system, but macOS, iOS, and Android aren't immune to this threat.

A thief stealing cash next to a laptop computer, depicting ransomware
Kirk Marsh / Getty Images

What Is Screen-Locking Ransomware?

Unlike file-encrypting ransomware, such as CryptoLocker, screen-locking ransomware blocks access to a computer, effectively holding the computer hostage rather than specifically targeting data.

When you power on an infected computer, all you see is a ransom note demanding payment if you want to use the computer again. Often, the message appears to come from an official source, such as the FBI or Homeland Security, further intimidating and manipulating you.

The ransom note also may accuse you of visiting an illegal site.

Example of a Your Computer Has Been Locked ransomware message.

Ransomware targets consumers and businesses. However, scammers tend to reap a more rewarding profit when they attack businesses.

How Does Screen-Locking Ransomware Get There?

The unwitting actions of a user often cause a screen-locking ransomware infection. The user may click a suspicious link in a spam email, visit a malicious website, or spend time on a website that's been compromised.

Other times, user engagement isn't necessary to initiate a screen-locking ransomware infection. Drive-by downloads occur when a user downloads a legitimate product but doesn't realize a malicious program has hitched a ride onto their computer.

Users may also become victims of malvertising. This happens when malicious code is injected onto legitimate advertising sites.

Victims usually aren't targeted for ransomware infections. Rather, these attacks are opportunistic, taking advantage of unsuspecting users.

What to Do When You Have a Screen-Locking Ransomware Infection

If you're the victim of screen-locking ransomware, first and foremost, never pay the ransom. Paying delivers money to criminals and reinforces the effectiveness of this type of scam. Plus, there's no guarantee that the hackers will open the computer. Even the FBI endorses this line of thinking.

Instead, focus on restoring the computer. Contain the infection, remove the ransomware, and put measures in place to prevent future ransomware attacks.

Take a picture of the ransomware note. This is helpful when identifying and attempting to remove the infection.

Contain the Infection

Ransomware is designed to spread, so do your best to stop the infection. Disconnect the infected computer from the internet and any local area network to prevent spreading the malware. Disconnect any external hard drives or USB storage devices, as well.

Identify and Remove the Ransomware

Identify the type of screen-locking ransomware that infected your computer. Experts say that screen-locking ransomware is easier to remove than file-encrypting ransomware.

A few excellent tools can help you identify the ransomware and then remove it. No More Ransom is an initiative created by the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky, and McAfee. It helps ransomware victims restore their computers without capitulating to the cybercriminals.

To use No More Ransom, go to a clean, uninfected computer and enter the requested information, such as the verbiage of the ransom note. No More Ransom then points you toward a ransomware-removal tool that is most likely to help.

Another option is to restart the computer in Safe Mode and run an antivirus scanner, such as one of the Trend Micro free anti-ransomware tools or the Kaspersky anti-ransomware product.

Other good ransomware-removal tools include Spy Hunter, ID Ransomware, CryptoLocker Ransomware, Thor Home, Comodo Anti-Malware, and MalwareBuster.

If you can unlock the screen, restore the computer to a previous state before the ransomware struck. Windows has the System Restore tool. macOS Recovery has tools to restore from Time Machine, reinstall macOS, and more.

The most failsafe ransomware-infection solution is to wipe the computer and reinstall everything from a good backup.

Prevent Future Ransomware Infections

To prevent screen-locking ransomware infections and other malware attacks, invest in top-notch cybersecurity protection for your computer, whether you're a home user with one computer or an office with multiple networked machines.

Maintain consistent and thorough backups of your computer so you can restore your files in case anything happens. Turn on automatic system and software updates to install the latest security patches and features.

Finally, be vigilant about not clicking links, opening attachments, and visiting unsafe sites. Also, teach these cybersecurity best practices to anyone on your network.