Here’s a collection of 47 ransomware screenshots. These examples of ransomware are frequently updated. (last updated 12/10/19)

Here you can see how the interface design of ransomware varies, but the demands are very similar.

Let us know in the comments below which ransomware screenshot creeps you out the most. (mine personally is the Jigsaw ransomware – that puppet alone on my screen staring into my eyes is the worst.)

Ransomware definition: A type of malicious software designed to block access to a computer system until a sum of money is paid.

We see a range of payment methods accepted from Bitcoin, MoneyPak, and Paypal. Not to mention, strange forms of payment such as sending nudes and playing an online game. Seems like we’ve only seen the “tip of the iceberg” of what’s evolving for ransomware.

Notice the psychological tricks they play on your emotions. A couple ransomware screenshots declare they took a photo and video of you using your webcam as evidence. Others use a countdown timer promising the key will be destroyed and you’re out of luck.

Do you have Ransomware?

Check out our complete Ransomware Guide

How would you feel if you saw one of these on your computer screen / phone screen? Let us know in the comments section below! Here’s the first screenshot example of ransomware:

Snatch Ransomware Screenshot:

This screenshot does not look like your trypical ransomware splash screen. In fact, everything about this ransomware is unique. This variant reboots the victim’s computer into safemode to bypass your PC’s protection. Everything about Snatch ransomware is explained at Sophos.

Ryuk Ransomware Screenshot:

Ryuk ransomware screenshot README.TXT

TFlower Ransomware Screenshot:

T-Flower – via @ https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/

TFlower is being spread by exposed Remote Desktop services. Here’s the ransom note below:

TFlower ransom note

Nemty Ransomware Screenshot:

Nemty ransomware makes it clear that they don’t care about you, just getting a payment from you is their focus. They also don’t “practise” using spell check lol.

Goldeneye Ransomware Screenshot:

Usually, the text is designed in red, but yellow is equally as scary I suppose.

Android/Filecoder.C Ransomware Screenshot:

Android/Filecoder.C screenshot -

Android / Filecoder ransomware is sent via sms text message. This android ransomware spreads through the victim’s contact list. To increase the potential victim’s interest, the link suggests the victim’s photos are used in an app. This ransomware also has 42 language versions and chooses the version that fits the victim device’s language setting. What’s extra unique is the extra step malware takes to personalize with the victim’s name.

sms phishing

Filecoder.C photo source:


This MegaCortex ransomware screenshot:
includes the hackers’ email addresses for soliciting their software to restore your data. Very interesting that they are also selling cyber security consulting! Would you trust them as a customer?

Gorgon Ransomware Screenshot:
A file locking virus asking for 0.3 worth of bitcoin. The green splash screen with a gorgon’s head is a new design unlike anything we’ve seen before! I suppose just like encrypting your files, this gorgon will turn your files into stone? 2-spyware.com has the Gorgon uninstall guide here.

gorgon ransomware screenshot

Zcryptor Ransomware Screenshot Example:

cyber security quiz online
crypton ransomware screenshot

Crypton Ransomware screenshot
Not a frightening interface design like your typical ransomware. This dark grey texture is modern and the text is clean and concise. Could taking the scare factor out of the design lead to faster conversion of sales? Are hackers split testing their designs? Photo Source: BleepingComputer.com

Photo Source: BleepingComputer.com

StalinLocker ransomware gives you ten minutes to enter the correct decryption key or it will delete all your data. While the clock is ticking, this ransomware plays the USSR anthem with a large photo of Stalin. This ransomware was discovered by MalwareHunterTeam and featured on BleepingComputer.com 

Related Post: Amazon Password Reset Phishing Scam
“Someone tried to reset your password from Dayton, Ohio, if you have not requested this code…”

PUBG Ransomware screenshot example:

pubg ransomware

PUBG ransomware doesn’t ask for any money, just that you play PlayerUnknown’s Battlegrounds for one hour in exchange for a decryption key. However, it’s been verified by VG24/7 that you only need to run the game for three seconds.

ZENIS ransomware screenshot example:

zenis ransomware
ZENIS ransomware – Photo source: Bleepingcomputer.com

ZENIS ransomware looks like a simple html document without a CSS stylesheet attached. Plainer than vanilla.

SAMSAM Ransomware example:

SAMSAM RANSOMWARE – Popular hitting hospitals. SCREENSHOT: Photo Source – Bleepingcomputer.com

Why would SAMSAM have such horrible alignment for their headlines? To me, that’s pretty scary as a designer.

Saturn Ransomware example:

saturn ransomware screenshots
Unusual ransomware that requests you to download the Tor browser to follow additional payment instructions.

Saturn ransomware is to the point and centered. 1,2,3. Black and white, no imagination. Not even a picture of Saturn.

File Spider ransomware example:

file spider ransomware screenshot

File spider ransomware looks seriously scary. Not only that, they took advantage knowing most people are terrified of spiders. For this design, I personally would like to see more spiders. However, I’m sure knowing you have ransomware is scary enough. Would like to see more creativity.

Bad Rabbit Ransomware screenshot:

ESET has researched the BadRabbit ransomware and believes it is spreading through fake flash updates. The majority of victims targeted are large companies in Russia, followed by Ukraine, Bulgaria, Turkey, and Japan. No rabbits in the interface design. Come on, perhaps a design with creativity saying…”If you don’t pay within 40 hours, the rabbit dies along with your files…”

nRansom Ransomware screenshot:

send me nudes ransomware screenshot
This unique ransomware demands you to send 10 nude photos of yourself.
I don’t understand the train and cursing. Horrible. This is the most unique request of payment I’ve seen. Makes us wonder what else they will ask for in the future.

WannaCry Ransomware Screenshot:

wanna cry ransomware screen shot

WannaCry ransomware screen shot. AKA WannaCrypt, WanaCrypt0r, Wana Decrypt0r 2.0, WCRY, WNCRY.
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry. It’s a cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

This ransomware has a unique decrypt button allowing victims to decrypt a sample of files. Perhaps building trust that the victim’s files will be decrypted upon payment.

As of 19 May 2017, the attacks have slowed down and is presumed to be extinct. Though, isolated reports are coming from the countries, already affected by the ransomware attack.

Unconfirmed sources have also alleged that a newer and a more powerful version of the virus would be released and infect the major computer systems all over the world.

 Caution: Text Messages Asking for Google Account Verification Codes ScamI received a google verification code but didn’t request it.” 

CryptoLocker Ransomware Screenshots:

Another version of cryptolocker
Another design/ version of the cryptolocker virus – Another version of cryptolocker. Tiny graphic of a key on top. Scary. Don’t harm my photo of tulips ok?
cryptolocker screenshot
cryptolocker screenshot- The red screen means business. Tick tock… The design looks like antivirus sorftware that needs an update. It looks professionally designed.
cryptolocker screenshot
You know it looks important when you see random text or lines of code like the movie, The Matrix.
cryptolocker screenshot
Another version / design of CryptoLocker. The white text on the red background isn’t very user friendly. Neither is the demand for bitcoins. I love that they want you to disable your antivirus to prevent the removal of this fine software.

WhyCry Ransomware screenshot:

why cry ransomware screenshot
WhyCry ransomware has been decrypted with a master key you can find here: WhyCry master key + Learn more

We also specialize removing the CryptoLocker Virus

Specialist Crime Directorate ransomware screenshot:

Specialist Crime Directorate ransomware screenshot
Specialist Crime Directorate ransomware screenshot. Nobody is recording you btw.

Bad English Ransomware Screenshot Example:

bad English ransomware screenshot
Bad English ransomware screenshot – The bad English in this one made me laugh.”our team help you to solve this problem, but not for free. .. “What virus do” “what our team do” …

Cryptowall Screenshot example:

cryptowall screenshot
Cryptowall screenshot – Another relative of the cryptolocker, this ransomware is considered the revised, newer version of cryptolocker.

We also give support to businesses affected by the CryptoWall Ransomware

Another example of “Cryptowall”

congrats ransomware
Congratulations? They act all cute until you read what’s going on.

Synolocker Ransomware Example:

Synolocker? Because you sigh and then scream “noooooo!” when you see this screen. It’s trademarked? wait a minute… Don’t sue me too.

PRISM Ransomware example screenshot:

PRISM cryptolocker screenshot
PRISM cryptolocker screenshot. Any minute you think the police will break down your door. Not!

FBI Cybercrime Division Ransomware Example:

fbi cybercrime division
They claim you violated a copyright law. I’m pretty sure they didn’t pay for those stock images of the men on the right and handcuffs on the keyboard etc.

Polite Belgique Police Federale Ransomware Example:

similar ransomware designs
Similar ransomware designs. Notice this design looks similar to the one above. Handcuffs on the keyboard is the ransomware trend these days. Or who copied who?

ICE-Homeland Security Investigations ransomware:

ransomware screenshot
American symbols, yet the real Homeland security is not accepting payments in bitcoin… interesting.

MAKTUB LOCKER Ransomware Screenshot:

Maktub Locker Ransomware Screenshots #3
Maktub Locker Ransomware Screenshots – Well at least they start off with a warm greeting and apologize for the situation. Nice design and very user friendly, making ransomware a breeze and as easy as 123.

(unknown) Russian Ransomware Screenshot? Anyone care to translate?

another language ransomware
If you’re getting ransomware in another language, I don’t know what to say. You’re probably opening up some crazy emails. Good luck. Not sure of the official name of this ransomware.

TESLACRYPT Ransomware example:

teslacrypt screenshot
teslacrypt creators launches a key for victims to decrypt. 🙂 Check out the article: TechCrunch

Jigsaw Ransomware screenshots:

The creepiest ransomware screenshot I’ve seen!

jigsaw ransomware screenshot
This is the creepiest looking ransomware in my opinion. Makes you want to throw your computer monitor off the desk. Luckily, there’s a decryption tool for this ransomware by Demonslay335 – Read about it on bleepingcomputers.com
jigsaw ransomware

Computer Maintenance Checklist
Always have a fast computer when you do these EASY tips

More “FBI” Ransomware screenshots:

ransomware screenshot
They claim they took a photo of you, including videos and recent activity on the computer. I hope I was looking my best. LOL. This is bogus. You’re not going to prison.
fbi online agent has blocked your computer
FBI online agent has blocked your computer – No, FBI agents are not blocking you. Looks funny that there’s a “case number”

10 Shocking Facts about Ransomware

Ransom 32 Ransomware screenshot example:

Can I reply to this cyber criminal and point out the grammatical errors. Can I get a discount? lol ;)
Ransom32 – Can I reply to this cyber criminal and point out the grammatical errors. Can I get a discount? lol 😉

Unnamed ransomware screenshot:

I don’t want to download Tor. Can’t we just go about this using Safari?

NotPetya Ransomware Screenshot:

NotPetya ransomware screenshot – this came after Petya.

Petya Ransomware Example:

ransomware screenshots
More red screens. Yuck. So serious. – There’s a free Petya ransomware decryption tool!

Another Petya ransomware screen shot. – Don’t worry there’s a free decrption tool here mentioning both variants.

petya ransomware screenshot
When I think ransomware, Petya ransomware hits the nail on the head with their design. One look at this and you know you’re in trouble. Nice touch with the dollar sign in the ASCII art.
petya ransomware
Yet another Petya ransomware screenshot.

Cryprobit Ransomware Screenshot:

cryptorbit ransomware – They really stand out using a yellow background. Really surprised they used a picture of an unlocked lock.

Locky Ransomware Screenshot:

locky ransomware screenshot encryption
locky ransomware screenshot encryption. Learn more about this Locky ransomware and more screenshots

DMA Locker 4.0 Ransomware Screenshot:

Ransomware Screenshot
DMA Locker 4.0

Ryuk Ransomware Screenshot:

ryuk ransomware screenshot
ryuk ransomware screenshot

Keyranger Ransomware Screenshot example:

keyranger virus screenshot
keyranger virus screenshot:

Are you seeing any of these Ransomware screens?

Remember, if you have good backups of your data, you’ll never have to worry about paying a ransom.

Give us a call if you want to help prevent ransomware or if you need assistance dealing with ransomware! (619) 325-0990. Also keep in mind, there’s some steps to take if you do become a victim of ransomware.

Still not sure what ransomware is?

ransomware removal

If you are seeing one of these ransomware screens, unplug your computer from your network, power off, and
give us a call for immediate ransomware removal services (619) 325-0990. We utilize your data backups to remove ransomware and help your company mitigate security risks.

This blog post was featured in: blogs.cisco.com