Ransomware is a type of virus that locks up computer files until money is paid.(Photo: Thinkstock)Just days before a big race, an up-and-coming Nascar team suddenly found the crew chief’s laptop going haywire and all the team’s critical files locked up.The team was the victim of a ransomware attack, a type of virus that locks up computer files until money is paid.”A message popped up that said my files had all been encrypted. … The only way to get it back is to pay a ransom,” said Dave Winston, the crew chief for Circle Sport-Leavine Family Racing.Ransomware cost Americans between $24 million and $28 million in 2015. It’s growing exponentially, according to the FBI.An easy business to enterThe reason? Ransomware ”is an easy business to get into. There are kits out there that you can buy on the deep dark web and start your own little ransomware company, and many of these end up actually being successful,” said Marcin Kleczynski, the CEO of Malwarebytes, a cybersecurity company that focuses on thwarting malware.CNBCThose pesky credit-card fees are mainly for the unsavvy these daysThe criminals target everyone, including consumers, small businesses and major corporations.”Its targets of opportunity could mean your grandma or grandpa, or a corporation down the street, such as a health-care provider,” said Will Bales, a Chantilly, Va.-based FBI supervisory special agent in charge of ransomware probes.Still, 57% of victims are consumers, according to cybersecurity company Symantec. That means critical banking files, previous tax returns and personal photos can be locked up.Dave Winston, the Circle Sport-Leavine Family Racing crew chief, with the laptop that was attackedWhen the Nascar team was hit, it decided to pay, purchasing a bitcoin, a virtual anonymous currency from a special ATM. After hours of waiting, the team received a decryption key.”It was huge relief when we got the key. … Pretty much everything came back,” Winston said.However, the FBI advises against paying ransom, even small amounts like the Nascar team did.”They now know that you are susceptible and want to pay them,” the FBI’s Bales said. “This could encourage them to continue and target more people down the line.”Ransom sticker shockA ransom request can cause sticker shock. The average payment demand nearly doubled in 2015, according to Symantec.”On the business side, the sky’s the limit. We’ve seen requests for millions of dollars, but usually they end up settling for tens of thousands,” said Malwarebytes’ Kleczynski.Bringing the criminals to justice is unlikely.CNBCRetiring abroad: 3 things to know before you pack your bags”It’s very difficult to attribute where the ransomware came from, and every specific case is vastly different. We’ve seen ransomware attacks from Europe, we’ve seen ransomware attacks from Asia and we’ve seen ransomware attacks from the United States,” Kleczynski said.Here are some steps you can take to avoid being a victim.Beware of email attachmentsWhile there are many ways that ransomware can get into your computer, the FBI’s Bale said email attachments are a common method.”The emails can look like they’re from a friend, or family, or just maybe a reputable organization, but it’s actually not. And the attachment is laden with malware in it. And once you’ve opened the attachment, your computer is infected,” he said.”If you’re not expecting an email from somebody, it’s OK to call that person and ask them if they meant to send that email. Or if that email was from them. It’s inconvenient, but it is less inconvenient than infecting your entire computer or network,” he said.CNBCDon't be so quick to co-sign on a student loan, even if it's your kidsBack up your dataThe best way to prevent ransomware is to have a secure backup, which allows you to restore files without paying the ransom.”Secure backups are key. Make sure that files are backed up regularly, and you should test those backups so that the first time you try your backup is not because of a ransomware event,” Bales said.© CNBC is a USA TODAY content partner offering financial news and commentary. Its content is produced independently of USA TODAY.