Here’s a collection of 40 ransomware screenshots. (last updated 05/24/18) Here you can see how the interface varies, but the demands are very similar. We see a range of payment methods from Bitcoin, MoneyPak, and Paypal.Not to mention, strange forms of payment such as sending nudes and playing an online game.

Notice the psychological tricks they play on your emotions. A couple ransomware screenshots declare they took a photo and video of you using your webcam as evidence. Others use a countdown timer promising the key will be destroyed and you’re out of luck. How would you feel if you saw one of these on your computer screen?


UPDATE: Crypton ransomware screenshot added (5/24/18):

crypton ransomware screenshot

Crypton Ransomware screenshot
Photo Source: BleepingComputer.com


Photo Source: BleepingComputer.com

StalinLocker ransomware gives you ten minutes to enter the correct decryption key or it will delete all your data. While the clock is ticking, this ransomware plays the USSR anthem with a large photo of Stalin. This ransomware was discovered by MalwareHunterTeam and featured on BleepingComputer.com 

pubg ransomware

PUBG ransomware doesn’t ask for any money, just that you play PlayerUnknown’s Battlegrounds for one hour in exchange for a decryption key. However, it’s been verified by VG24/7 that you only need to run the game for three seconds.

zenis ransomware

ZENIS ransomware – Photo source: Bleepingcomputer.com



SAMSAM RANSOMWARE – Popular hitting hospitals. SCREENSHOT: Photo Source – Bleepingcomputer.com

saturn ransomware screenshots

Unusual ransomware that requests you to download the Tor browser to follow additional payment instructions.

file spider ransomware screenshot


ESET has researched the BadRabbit ransomware and believes it is spreading through fake flash updates. The majority of victims targeted are large companies in Russia, followed by Ukraine, Bulgaria, Turkey, and Japan.

send me nudes ransomware screenshot

This unique ransomware demands you to send 10 nude photos of yourself.

wanna cry ransomware screen shot

WannaCry ransomware screen shot. AKA WannaCrypt, WanaCrypt0r, Wana Decrypt0r 2.0, WCRY, WNCRY. The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry, a ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. This ransomware has a unique decrypt button allowing victims to decrypt a sample of files. Perhaps building trust that the victim’s files will be decrypted upon payment. As of 19 May 2017, the attacks have slowed down and is presumed to be extinct. Though, isolated reports are coming from the countries, already affected by the ransomware attack. Unconfirmed sources have also alleged that a newer and a more powerful version of the virus would be released and infect the major computer systems all over the world.


cryptolocker screenshot

cryptolocker screenshot- The red screen means business. Tick tock…

why cry ransomware screenshot

WhyCry ransomware has been decrypted with a master key you can find here: WhyCry master key + Learn more

Another version of cryptolocker

Another design/ version of the cryptolocker virus – Another version of cryptolocker. Tiny graphic of a key on top. Scary. Don’t harm my photo of tulips ok?

We also specialize removing the CryptoLocker Virus

PRISM cryptolocker screenshot

PRISM cryptolocker screenshot. Any minute you think the police will break down your door. Not!

cryptolocker screenshot

You know it looks important when you see random text or lines of code like the movie, The Matrix.

Specialist Crime Directorate ransomware screenshot

Specialist Crime Directorate ransomware screenshot. Nobody is recording you btw.

bad English ransomware screenshot

Bad English ransomware screenshot – The bad English in this one made me laugh.”our team help you to solve this problem, but not for free. .. “What virus do” “what our team do” …

cryptolocker screenshot

Another version / design of CryptoLocker. The white text on the red background isn’t very user friendly. Neither is the demand for bitcoins. I love that they want you to disable your antivirus to prevent the removal of this fine software.

cryptowall screenshot

Cryptowall screenshot – Another relative of the cryptolocker, this ransomware is considered the revised, newer version of cryptolocker.

We also give support to businesses afected by the CryptoWall Ransomware


Synolocker? Because you sigh and then scream “noooooo!” when you see this screen. It’s trademarked? wait a minute… Don’t sue me too.

fbi cybercrime division

They claim you violated a copyright law. I’m pretty sure they didn’t pay for those stock images of the men on the right and handcuffs on the keyboard etc.

similar ransomware designs

Similar ransomware designs. Notice this design looks similar to the one above. Handcuffs on the keyboard is the ransomware trend these days. Or who copied who?


ransomware screenshot

American symbols, yet the real Homeland security is not accepting payments in bitcoin… interesting.


Maktub Locker Ransomware Screenshots #3

Maktub Locker Ransomware Screenshots – Well at least they start off with a warm greeting and apologize for the situation. Nice design and very user friendly, making ransomware a breeze and as easy as 123.

Take a look at the other Maktub ransomware screenshots

another language ransomware

If you’re getting ransomware in another language, I don’t know what to say. You’re probably opening up some crazy emails. Good luck.

teslacrypt screenshot

teslacrypt creators launches a key for victims to decrypt. 🙂 Check out the article: TechCrunch


jigsaw ransomware screenshot

Luckily, there’s a decryption tool for this ransomware by Demonslay335 – Read about it on bleepingcomputers.com

jigsaw ransomware

ransomware screenshot

They claim they took a photo of you, including videos and recent activity on the computer. I hope I was looking my best. LOL. This is bogus. You’re not going to prison.

fbi online agent has blocked your computer

FBI online agent has blocked your computer – No, FBI agents are not blocking you. Looks funny that there’s a “case number”

Can I reply to this cyber criminal and point out the grammatical errors. Can I get a discount? lol ;)

Ransom32 – Can I reply to this cyber criminal and point out the grammatical errors. Can I get a discount? lol 😉


I don’t want to download Tor. Can’t we just go about this using Safari?

congrats ransomware

Congratulations? They act all cute until you read what’s going on.


ransomware screenshots

More red screens. Yuck. So serious. – There’s a free Petya ransomware decryption tool!

Another Petya ransomware screen shot. – Don’t worry there’s a free decrption tool here mentioning both variants.

petya ransomware screenshot

When I think ransomware, Petya ransomware hits the nail on the head with their design. One look at this and you know you’re in trouble. Nice touch with the dollar sign in the ASCII art.

petya ransomware


cryptorbit ransomware – They really stand out using a yellow background. Really surprised they used a picture of an unlocked lock.

locky ransomware screenshot encryption

locky ransomware screenshot encryption. Learn more about this Locky ransomware and more screenshots

screenshot of blue ransomware

Really surprised to see they want a Paypal payment.

Ransomware Screenshot

DMA Locker 4.0

keyranger virus screenshot

keyranger virus screenshot:

This is the first instance of Apple having to shut down a ransomware attack on OS X Mac users. KeRanger Ransomware Read more

Are you seeing any of these Ransomware screens?

Remember, if you have backups of your data, you’ll never have to worry about paying a ransom.

Give us a call if you want to help prevent ransomware or if you need assistance dealing with ransomware! (619) 325-0990. Also keep in mind, there’s some steps to take if you do become a victim of ransomware.

Still not sure what ransomware is?

definition of ransomware

ransomware removalIf you are seeing one of these ransomware screens, unplug your computer from your network, power off, and
give us a call for immediate ransomware removal services (619) 325-0990. We utilize your data backups to remove ransomware and help your company mitigate security risks.

Here’s what to do if your computer has ransomware

What to do if your computer has ransomware

















Sign up for our FREE email newsletter
so you don't miss out on any of our great content!

You have Successfully Subscribed!