Ransom:Win32/Genasom.GC
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
You can read more on our ransomware page.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Genasom.OPY
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
You can read more on our ransomware page.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Genasom.JV
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Ergop.A
Microsoft Defender Antivirus detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data.
It encrypts files and uses .707, .725, .726, .astra, .crypt, .ocean, or .txt as file name extension for encrypted files. It leaves a ransom note with the file name how_open_files.hta, RECOVER-FILES.html, or !back_files!.html.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Genasom
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Reveton.N
Microsoft Defender Antivirus detects and removes this threat.
Ransom:Win32/Reveton.N is ransomware that demands a fine for the supposed possession of illicit material or unauthorized online activities. It displays a full screen image, localized according to your location, with payment instructions. Read more about ransomware on our Ransomware page.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Nobig
Microsoft Defender Antivirus detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker to restore your files.
This ransomware is distributed though spam emails with malicious document attachments.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. Trends show that Windows 7 devices are more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Tescrypt.T
Microsoft Defender Antivirus detects and removes this threat.
This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them. It asks you to make a payment using bitcoins.
Our family description Win32/Tescrypt has more details on this threat, and our ransomware page has more information on ransomware in general.
Windows 10 protects you from ransomware. Read more:
Windows 10 Creators Update provides next-gen ransomware protection
You can also read more about ransomware on the Windows Security blog.
IT administrators can read this playbook on how enterprises can detect, investigate, and mitigate ransomware in networks:
Ransom:Win32/Milicry.A
Windows Defender detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
Our ransomware FAQ page has more information on this type of threat.
Read our latest report: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.
Ransom:Win32/Ryuk.AA
Microsoft Defender Antivirus detects and removes this threat.
This ransomware renders files inaccessible by encrypting them. It is also usually spread by Trojan:Win32/Trickbot and Win32/Emotet malware families via phishing emails.
After encrypting files, this ransomware sets the desktop wallpaper and stops processes from running on your machine without your consent.
Find out ways that malware can get on your PC.
Read our report about ransomware protection: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Tocrypt
Windows Defender detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
You can read more on our ransomware page.
Ransom:Win32/Crilock.B
Windows Defender detects and removes this threat.
This threat encrypts your files and displays a webpage that asks you to pay a fee to unlock them.
More information on this type of threat in the Ransom:Win32/Crilock.A description and in our Ransomware page.
Ransom:MSIL/Zuquitache.A
Windows Defender detects and removes this threat.
This ransomware can encrypt the files on your PC so that you can't access them. Threats in this ransomware family can be installed from Trojan:BAT/Zuquitache.
Our ransomware page has more information on this type of threat.
Ransom:Win32/Loktrom.M
Ransom:Win32/Lyposit.B
This ransomware prevents you from accessing your computer. It covers your entire desktop with an image pretending to be from your local authorities, asking you to pay a fine to regain access. The image covering the desktop is downloaded from a certain website.