PanicStation.org

What to do if…
you find a new “read me” or ransom-style note file on your computer

Short answer

Immediately isolate the computer (disconnect from Wi-Fi/ethernet) and switch to a different device to get help and report the incident.

Do not do these things

  • Don’t pay the ransom or start messaging the attacker.
  • Don’t click links, open attachments, or run “decryptor” tools mentioned in the note.
  • Don’t plug in backup drives or USB sticks to “save what you can” — you could encrypt/infect them too.
  • Don’t try to restore from backups yet.
  • Don’t sign into email, banking, or work accounts from the affected computer.
  • Don’t wipe/reinstall right away if you may need professional help or reporting details.

What to do now

  1. Isolate the device right away. Turn off Wi-Fi and unplug ethernet. If you see active encryption (files rapidly changing/renaming), power the device down to stop further damage.
  2. Disconnect other storage and reduce spread. Unplug external drives. If the computer is connected to shared folders or a home NAS, disconnect it from the network to reduce the chance other devices get hit.
  3. Record what you saw (without engaging). Take photos/screenshots of the note, the file name(s), any contact info shown, and the time/date you discovered it. Note any new file extensions and which drives/folders are affected.
  4. From a clean device, secure your key accounts. Change passwords for email first, then banking, Apple/Google/Microsoft accounts, and any password manager. Enable MFA. Review recent login/security alerts if available.
  5. If this involves work/school systems, stop and escalate. Contact your IT/security team immediately and follow their instructions. Don’t attempt “DIY cleanup” on a managed device.
  6. Report it (USA). Report once to federal authorities via the FBI’s Internet Crime Complaint Center (IC3) or your local FBI field office. You can also report through the #StopRansomware routes (including CISA and a U.S. Secret Service field office).
  7. Consider professional incident response for safe cleanup/recovery. A reputable security/IT professional can help confirm what was affected, remove malware safely, and recover from backups without reinfecting restored data.
  8. Protect finances if there’s any chance credentials were exposed. If you used banking/shopping on that device, contact your bank/card issuer’s fraud line, ask about monitoring, and change credentials from a clean device.

What can wait

  • You don’t have to decide immediately about payment — focus on containment and account security first.
  • You don’t have to restore files today — only restore once you’re confident the device and the backups are clean.
  • You don’t have to notify everyone at once — start with accounts that can reset others (email, phone, password manager).

Important reassurance

A ransom note is designed to create urgency and panic. Disconnecting and moving to a clean device is a calm, effective way to stop the situation from escalating while you get support.

Scope note

These are first steps only. Full recovery may involve backups, system rebuilds, and checking whether any data was taken, which can be complex.

Important note

This guide is general information, not professional cybersecurity, legal, or financial advice. If sensitive personal data or any organization is involved, get qualified help and follow formal incident processes.
