OneDrive (home or personal) OneDrive for Mac OneDrive for Windows
Ransomware detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. Ransomware is a type of malicious software (malware) designed to block access to your files until you pay money.
When Microsoft 365 detects a ransomware attack, you'll get a notification on your device and receive an email from Microsoft 365. If you're not a subscriber, your first notification and recovery is free. See available plans.
If Microsoft 365 detected a ransomware attack, you see the Signs of ransonware detected screen when you go to the OneDrive website (you might need to sign in first). Select the Get started button to begin.
On the Do these files look right? screen, we'll show you some suspicious files. If they have the wrong name or suffix, or don't look right when you open them from the list, they're likely compromised by ransomware.