Aliases: Dropper/Win32.Necurs (AhnLab) Trojan-Ransom.Win32.Cryptodef.iu (Kaspersky) Trojan horse Inject2.AHNI (AVG) TR/Crypt.Xpack.64673 (Avira) Trojan.Encoder.514 (Dr.Web) W32/Cryptodef.AHIO!tr (Fortinet) PWSZbot-FBKQ!86B6EE398F44 (McAfee) Troj/Agent-AHIO (Sophos) TSPY_ZBOT.SMCC (Trend Micro) Cryptowall (other) Cryptodefense (other)
Windows Defender detects and removes this threat.
The ransom or "lock" screen can use the name CryptoDefense or CryptoWall.
Windows 10 protects you from ransomware. Read more:
More information about ransomware can be found on our Ransomware page.
Microsoft doesn’t recommend you pay the fine. There is no guarantee that paying the ransom will give you access to your files.
If you've already paid, see our ransomware page for help on what to do now.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find hidden malware.
Enable the Microsoft Active Protection Service (MAPS) on your system to protect your enterprise software security infrastructure in the cloud.
Check if MAPS is enabled in your Microsoft security product:
Select Settings and then select MAPS.
Select Advanced membership, then click Save changes. With the MAPS option enabled, your Microsoft anti-malware security product can take full advantage of Microsoft's cloud protection service.
If you’re using Windows XP, see our Windows XP end of support page.