Protect Yourself from Ransomware

Report & Respond Ransomware

If you suspect ransomware on a device used to store or manage U-M data, report it as an IT Security Incident immediately.

If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. See Ransomware Mitigation.

Protect yourself from ransomware and other threats:

  • Don't open unexpected email attachments. Check with the sender first.
  • Check links in email before clicking by hovering over them with your mouse. Learn what to look for at Don't Fall for Phish!
  • Make backups of your data, and keep them separate from your device. See Desktop Backup or for details about backing up your desktop or MIBackup for information about server backups.
  • Install and use endpoint protection software to protect against threats including ransomware and other malware, such as viruses. 
  • Apply updates and fixes as soon as possible, before malicious actors take advantage of known vulnerabilities to cause harm.
  • See Secure Your Devices for advice on protecting your personal devices and data from ransomware and other threats.

If you use your personal devices for U-M work:

If You Get Ransomware

If you get hit with ransomware, don't pay the ransom. There are no guarantees when you are dealing with criminals. Prevention and having good, current backups are the best way to recover from ransomware attacks.


Report ransomware as an IT Security Incident for devices used to access, store, or manage U-M data.

If you suspect or know that ransomware has infected a computer, take the following actions immediately:

  • Contain the incident by:
    • Disconnecting remote and network access.
    • Keeping the machine out of use.
  • And Do Not:
    • Run anti-virus software
    • Power down the machine
    • Attempt any kind of unilateral mitigation procedure

Spread the Word, Stop Ransomware

Use these resources from the Safe Computing Media Archive to warn others about ransomware:

Ransomware Information & Resources

  • The U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
  • No More Ransom ( Provides a Q & A and prevention advice. If a device is used to store or manage U-M data, always report it immediately.