US flag signifying that this is a United States Federal Government website

  Official website of the Cybersecurity and Infrastructure Security Agency

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. About NICCS >>
  2. Featured Stories >>
  3. Reduce the Risk of Ransomware

Reduce the Risk of Ransomware

Ransomware has become a significant cyber threat to our Nation, claiming victims such as local governments, hospital networks, and most recently K-12 schools. While ransomware incidents are prevalent among government entities and critical infrastructure organizations, individuals are still very much at risk. Malicious actors can target anyone with a device connected to the internet or important data stored on their network. In some cases, personal attacks may be more detrimental considering home users don’t typically have a backup strategy in place.

To help prevent and mitigate ransomware attacks, the Cybersecurity and Infrastructure Security Agency (CISA) released information and resources for organizations and individuals.

What is ransomware?

Ransomware is a type of malicious software, or malware, designed to infect computers and encrypt files until a sum of money or other form of ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible devices.

Malicious cyber actors commonly distribute ransomware through phishing emails or “drive-by downloads”. Phishing emails are messages that appear to be from a legitimate organization or a contact familiar to the victim which can entice the user to click on a corrupt link or open an infected attachment. A “drive-by download” is a program that automatically downloads from the internet without the user’s consent and often without their knowledge. It is possible the corrupt code may run after download, without user interaction. After the code has run, the computer becomes infected with ransomware.

Why should you care?

Consequences of a ransomware attack can be severe and there is no guarantee a user will recover the files, even after paying the ransom. On a personal level, an infection can result in financial damage or disclosure of sensitive information. On an organizational level, ransomware can cause business disruptions, financial damage from a payout or costly investigations, and reputational damage causing loss of current or potential customers.

Additionally, the goal of ransomware is not always to get money but potentially to serve as a distraction for other malicious purposes. These distractions could be hiding a traditional attack against the network, covering traces of an earlier attack, providing cover while data is stolen from the network, or even limiting or destroying productivity of the system while the IT team is busy dealing with a very visible ransomware infection.

CISA Ransomware Resources  

CISA developed a series of resources to help spread awareness about ransomware attacks, protective measures, and response tactics.

CISA’s new Ransomware webpage has the necessary resources to help individuals and organizations protect, detect, respond to, and recover from a ransomware attack. This webpage includes alerts, fact sheets, trainings, and more.

Additional ransomware resources:

Victims of ransomware should report it immediately to CISA at, a local FBI Field Office, or Secret Service Field Office