Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat can be downloaded by Angler EK (Exploit:JS/Axpergle or Exploit:SWF/Axpergle) and written to the Temp directory as api-ms-win-system-<any string>-l1-1-0.dll (for example: api-ms-win-system-ndishc-l1-1-0.dll or api-ms-win-system-wcnwiz-l1-1-0.dll) to appear like it is a valid system file.

Our ransomware page has more information on this type of threat.

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat can be downloaded by the Angler exploit kit (we detect the kit as Exploit:JS/Axpergle or Exploit:SWF/Axpergle). We've also seen other malware, such as Backdoor:Win32/Bedep and PWS:Win32/Ldpinch, download Exxroute.

Our ransomware page has more information on this type of threat.

Windows Defender detects and removes this threat.

This threat family uses vulnerabilities in recent versions of Internet Explorer, Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install Ransom:Win32/Exxroute, Ransom:Win32/Cerber,  and drop variants of Win32/Gamarue.

You might get this threat if you visit a malicious or hacked website, or click a malicious link in an email.

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

We have seen this threat share the same distribution used by Win32/Exxroute ransomware family through exploits.

Our ransomware FAQ page has more information on this type of threat.

Read our latest report: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.