Ransom:Win32/Grymegat.A
Ransom:Win32/Grymegat.A is a ransomware that locks your PC and displays a webpage that covers your desktop. This webpage demands the payment of a fine for the supposed possession of illicit material.
The trojan might make lasting changes to your PC that make it difficult for you to download, install, run, or update your virus protection. For specific recovery information, please see the relevant variant's entry in the encyclopedia and the Additional recovery instructions in this entry.
For more information on ransomware, please see our FAQ on ransomware.
Ransom:Win32/Urausy.A
Windows Defender detects and removes this threat.
This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It pretends to be from the FBI or a national police force and tries to scare you into paying a fine to unlock your PC.
Typically, this threat gets on your PC when you visit a hacked webpage.
You can read more about this type on malware at the Ransom:Win32/Urausy family description or on our ransomware page.
Ransom:Win32/Dircrypt.C
Windows Defender detects and removes this threat.
The threat might get into your PC through spam emails or by being downloaded by other malware.
It encrypts your files and holds them for ransom; it demands that you pay to get access to your files back. It might display a message that looks like this:
It can also lower your PC's security by changing certain settings.
Read more about threats like this in our ransomware page.
Ransom:MSIL/Tarocrypt.B
Windows Defender detects and removes this threat.
This threat is a member of the Ransom: MSIL/Tarocrypt family.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
Our ransomware page has more information on this type of threat.
Ransom:Win32/Urausy.C
Windows Defender detects and removes this threat.
This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It pretends to be from the FBI or a national police force and tries to scare you into paying a fine to unlock your PC.
Typically, this threat gets on your PC when you visit a hacked webpage.
You can read more about this type on malware at the Ransom:Win32/Urausy family description or on our ransomware page.
Ransom:JS/Brolo.B
Microsoft security software detects and removes this family of threats.
This ransomware family can lock your web browser by showing you a message that asks you to pay a fine. The message can pretend to be from a law enforcement agency and tells you to pay money to unlock your browser.
They can also stop you from closing your web browser, using the address bar, or pressing any shortcut keys.
You can be infected with this threat when you visit or are redirected to a malicious website.
See the Ransom:JS/Brolo family description for more information.
Ransom:MSIL/Zuquitache.A
Windows Defender detects and removes this threat.
This ransomware can encrypt the files on your PC so that you can't access them. Threats in this ransomware family can be installed from Trojan:BAT/Zuquitache.
Our ransomware page has more information on this type of threat.
Ransom:HTML/Tescrypt.B
Windows Defender detects and removes this threat.
The threat is an HTML message that asks you to pay a ransom to regain access to the files encrypted by Ransom:Win32/Tescrypt.
Our ransomware page has more information on this type of threat.
Ransom:Win32/Pagongcrypt
Windows Defender detects and removes this threat.
The threat renames and encrypts some files on your PC. It might ask you to pay money to a malicious hacker.
Our ransomware FAQ page has more information on this type of threat.
Read our latest report: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.
Ransom:Win32/Teerac.E
Windows Defender detects and removes this threat.
This ransomware malware encrypts your files and shows you a webpage that asks you to pay a fee to unlock them.
It can be installed on your PC by other malware, such as TrojanDownloader:O97M/Donoff, or when you open a spam email attachment.
There is more information available in the Win32/Teerac family description.
Our ransomware FAQ page has more information on this type of threat.
Read our latest comprehensive ransomware report:
Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene
Ransom:Win32/Trasbind.A
Microsoft security software detects and removes this threat.
This trojan stops you from using your PC by showing an alert message screen. This screen can include adult content and might ask you to pay a "fine" or fee to unlock your PC.
This threat also replaces important Windows system files with copies of itself.
Due to the damage this threat can do to your PC, you might need to reinstall some files from a Windows installation disc, or a backup source.
Windows 10 protects you from ransomware. Read more:
Windows 10 Creators Update provides next-gen ransomware protection
Ransom:Win32/Adslock.A
Windows Defender detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
Windows 10 protects you from ransomware. Read more:
Windows 10 Creators Update provides next-gen ransomware protection
You can read more about this type of threat on our ransomware page.
Ransom:Win32/Rokku.A
Windows Defender detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker. It can also be downloaded by other malware like JS/Nemucod as its payload.
Windows 10 protects you from ransomware. Read more:
Windows 10 Creators Update provides next-gen ransomware protection
Our ransomware page has more information on this type of threat.
Ransom:Win32/Septrypt.A
This threat has been renamed to Ransom:Win32/Ergop.A.
Ransom:Win32/Genasom.BR
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
You can read more on our ransomware page.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.