Follow:

 

Behavior:Win32/Crilock.A


Microsoft security software detects and removes this threat.

This threat is used to monitor suspicious or malware-like behavior on your PC. It is a generic detection, which means the malicious behaviors can be highly variable.

If we receive a significant number of reports about this suspicious behavior we will add a specific detection and include a more detailed analysis.

Find out ways that malware can get on your PC.



What to do now

Microsoft doesn’t recommend you pay the fine. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see our ransomware page for help on what to do now.

Run antivirus or antimalware software

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Advanced troubleshooting

You might be able to recover encrypted files by using the tool discussed in the MMPC blog post FireEye and Fox_IT tool can help recover Crilock-encrypted files.

To restore your PC, you might need to download and run Windows Defender Offline. See our advanced troubleshooting page for more help.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Microsoft security software detects and removes this threat.

This threat is used to monitor suspicious or malware-like behavior on your PC. It is a generic detection, which means the malicious behaviors can be highly variable.

If we receive a significant number of reports about this suspicious behavior we will add a specific detection and include a more detailed analysis.


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.161.1146.0
Latest detected by definition: 1.193.147.0 and higher
First detected on: Oct 31, 2013
This entry was first published on: Mar 26, 2014
This entry was updated on: Aug 14, 2014

This threat is also detected as:
No known aliases