We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Ransom:Win32/Urausy.A
Aliases: Backdoor.Win32.Azbreg.lui (Kaspersky)
Summary
Windows Defender detects and removes this threat.
This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It pretends to be from the FBI or a national police force and tries to scare you into paying a fine to unlock your PC.
Typically, this threat gets on your PC when you visit a hacked webpage.
You can read more about this type on malware at the Ransom:Win32/Urausy family description or on our ransomware page.
If you've already paid, see our ransomware page for help on what to do now.
Run antivirus or antimalware software
The following Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use Windows Defender Offline:
The following articles may help if you're having trouble getting the tool to work:
- Windows Defender Offline: frequently asked questions
- Microsoft's Free Security Tools - Windows Defender Offline
After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
