Published Jun 09, 2014|Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: Dropper/Win32.Necurs (AhnLab) Trojan-Ransom.Win32.Cryptodef.iu (Kaspersky) Trojan horse Inject2.AHNI (AVG) TR/Crypt.Xpack.64673 (Avira) Trojan.Encoder.514 (Dr.Web) W32/Cryptodef.AHIO!tr (Fortinet) PWSZbot-FBKQ!86B6EE398F44 (McAfee) Troj/Agent-AHIO (Sophos) TSPY_ZBOT.SMCC (Trend Micro) Cryptowall (other) Cryptodefense (other)


Windows Defender detects and removes this threat.

This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them. It asks you to make a payment using bitcoins.

The ransom or "lock" screen can use the name CryptoDefense or CryptoWall.

This threat can be downloaded by other malware, such as TrojanDownloader:Win32/Onkods or TrojanDownloader:Win32/Upatre. It can also be downloaded when you click on a link in a spam email.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

More information about ransomware can be found on our Ransomware page.

Find out ways that malware can get on your PC.