Published Feb 11, 2016|Updated Sep 15, 2017

Ransom:Win32/Exxroute.A

Alert level: Severe Detected with Windows Defender Antivirus

Also detected as: No associated aliases

Windows Defender  detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat can be downloaded by Angler EK (Exploit:JS/Axpergle or Exploit:SWF/Axpergle) and written to the Temp directory as api-ms-win-system-<any string>-l1-1-0.dll (for example: api-ms-win-system-ndishc-l1-1-0.dll or api-ms-win-system-wcnwiz-l1-1-0.dll) to appear like it is a valid system file.

Our ransomware page has more information on this type of threat.