Windows Defender detects and removes this threat.

The threat might get into your PC through spam emails or by being downloaded by other malware.

It encrypts your files and holds them for ransom; it demands that you pay to get access to your files back. It might display a message that looks like this:

It can also lower your PC's security by changing certain settings.

Read more about threats like this in our ransomware page.

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

Read our latest report: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.

Windows Defender detects and removes this threat.

This threat is a member of the Ransom: MSIL/Tarocrypt family.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware page has more information on this type of threat.

Microsoft Defender Antivirus detects and removes this threat.

This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them. It asks you to make a payment using bitcoins.

Our family description Win32/Tescrypt has more details on this threat, and our ransomware page has more information on ransomware in general.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

You can also read more about ransomware on the Windows Security blog.

IT administrators can read this playbook on how enterprises can detect, investigate, and mitigate ransomware in networks:

• Windows Defender Advanced Threat Protection - Ransomware response playbook 

Microsoft security software detects and removes this family of threats.

This ransomware family can lock your web browser by showing you a message that asks you to pay a fine. The message can pretend to be from a law enforcement agency and tells you to pay money to unlock your browser.

They can also stop you from closing your web browser, using the address bar, or pressing any shortcut keys.

You can be infected with this threat when you visit or are redirected to a malicious website.

See the Ransom:JS/Brolo family description for more information.

Microsoft Defender Antivirus detects and removes this threat.

This ransomware encrypts files and asks for ransom in exchange for decrypting files.

It is downloaded by TrojanDownloader:Win32/Cryxos.B.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Windows Defender AV detects and removes this threat.

This ransomware searches for certain types of files and encrypts these files. It renames the encrypted files by appending the new extension name .firecrypt. For example, after it encrypts the file example.doc, it renames this file to example.doc.firecrypt.

Encrypted files are inaccessible unless victims pay a fee to attackers. We have samples that include a ransom note instructing victims to send bitcoins to an attacker-controlled email address.

This ransomware also attempts to connect to a legitimate website as part of a denial-of-service (DoS) attack against that site.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Microsoft Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Microsoft Defender Antivirus detects and removes this threat. 

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money (in the form of Bitcoins) to a malicious hacker.

This ransomware is installed by the Magnitude exploit kit, which used to deliver another prominent ransomware family, Cerber.

When run, this threat checks the machine's default system language. If the system language is Korean, it launches its malicious routines. Otherwise, self-deletes after three seconds.

It encrypts files using AES 128-bit and appends the file name extension .ihsdj to encrypted files.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Windows Defender detects and removes this threat.

The threat is an HTML message that asks you to pay a ransom to regain access to the files encrypted by Ransom:Win32/Tescrypt.

Our ransomware page has more information on this type of threat.

Windows Defender detects and removes this threat.

This ransomware can encrypt the files on your PC so that you can't access them. Threats in this ransomware family can be installed from Trojan:BAT/Zuquitache. 

Our ransomware page has more information on this type of threat.