Skip to main content
26 entries found. Displaying page 1 of 2.
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat uses an infected Microsoft Office file to download the ransomware onto your PC. It can arrive on your PC as spam email attachment, usually as a Word file (.doc). We have also seen this ransomware being downloaded by TrojanDownloader:JS/Nemucod, TrojanDownloader:JS/Swabfex, TrojanDownloader:JS/Locky, TrojanDownloader:Win32/Locky, through exploit kits, or from spam emails.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Nov 30, 2016

This threat is classified as a worm that spreads over the network. A pure network worm propagates without any user interaction, such as, without requiring the user to open any file or take any action. Generally, a network worm spreads by an exploit of vulnerable software. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

The threat downloads other malware. We have seen it download Ransom:Win32/Locky.A.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

The threat downloads other malware. We have seen it download Ransom:Win32/Locky.A.

It might have been downloaded by TrojanDownloader:O97M/Adnel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat uses an infected Microsoft Office file to download the ransomware onto your PC. It can arrive on your PC as spam email attachment, usually as a Word file (.doc). We have also seen this ransomware being downloaded by TrojanDownloader:JS/Nemucod, TrojanDownloader:JS/Swabfex, TrojanDownloader:JS/Locky, TrojanDownloader:Win32/Locky, through exploit kits, or from spam emails.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker. See the Win32/Locky family description for details.

This threat uses an infected Microsoft Office file to download the ransomware onto your PC. It can arrive on your PC as spam email attachment, usually as a Word file (.doc). We have also seen this ransomware being downloaded by TrojanDownloader:JS/Nemucod, TrojanDownloader:JS/Swabfex, TrojanDownloader:JS/Locky, TrojanDownloader:Win32/Locky, through exploit kits, or from spam emails. Newer variants may be digitally signed and pose as browser plugins.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects this threat.

This detection is used to generically check for suspicious behavior that would activate an enhance search in memory for malicious code that would clean the system upon matching.  It is a generic detection, which means the malicious behaviors can greatly vary.

If we receive a significant number of reports about this suspicious behavior, we will add a specific detection and include a more detailed analysis.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects this threat.

This detection is used to generically check for suspicious behavior that would activate an enhance search in memory for malicious code that would clean the system upon matching.  It is a generic detection, which means the malicious behaviors can greatly vary.

If we receive a significant number of reports about this suspicious behavior, we will add a specific detection and include a more detailed analysis.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects this threat.

This detection is used to generically check for suspicious behavior that would activate an enhance search in memory for malicious code that would clean the system upon matching.  It is a generic detection, which means the malicious behaviors can greatly vary.

If we receive a significant number of reports about this suspicious behavior, we will add a specific detection and include a more detailed analysis.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This trojan downloader is a VBScript that downloads and runs other malware, including the prevalent ransowmare Ransom:Win32/Locky

This threat is known to arrive as a ZIP, RAR, or 7Z attachment on spoofed emails. Some of the spoofed emails appear be sending an invoice from the Microsoft Store:

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Nov 15, 2016

Windows Defender Antivirus detects and removes this threat.

This threat is designed to act as an intermediary malware within an infection chain. It is also known as the "Godzilla" loader.

In the wild, this threat has been observed to download a variant of Ransom:Win32/Locky.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Mar 22, 2017

Windows Defender Antivirus detects and removes this threat.

This threat is a .pdf file with a malformed hyperlink to phishing websites or other malicious sites. It usually arrives as attachment to spammed email messages.

To know more about how cybercriminals are using this threat in attacks, read the following blog:

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

 

Alert level: severe
Updated on Sep 26, 2016

Windows Defender Antivirus detects and removes this threat.

This threat is designed to act as an intermediary malware within an infection chain. It is also known as the "Godzilla" loader.

In the wild, this threat has been observed to download a variant of Ransom:Win32/Locky.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Feb 02, 2017
Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This threat is a detection for a malicious PowerShell script. When executed, it downloads and runs other malware into the system.

The malicious PowerShell scripts is usually embeded into other files such as .LNK, .CHM, .BAT, .PDF, .PPTX and can arrive in your PC as an attachment to a spam email.

We have observed this threat download a variant of Ransom:Win32/Locky and other malware such as Win/Zbot.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Feb 02, 2017

Windows Defender detects and removes this threat.

This threat can steal your personal information. It can also lower your Internet Explorer security settings and use your PC for click fraud.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Mar 01, 2016

Windows Defender detects and removes this threat.

This is a heuristic detection for macro malware.

The threat can be installed when you open a malicious document attached to a spam email. If macros are enabled on your PC, the malware runs when the document is opened. It can then try to do one or all of the following:

  • Download and install other malware
  • Use your computer for click fraud
  • Record your keystrokes and the sites you visit
  • Send information about your PC, including user names and browsing history, to a remote malicious hacker
  • Give a remote malicious hacker access to your PC

Due to the generic nature of this detection, we can only provide general information about it.

For more information on how you can prevent macro malware, see our Threat Research & Response blog.

Alert level: severe
Updated on Jul 25, 2017

Windows Defender detects and removes this threat.

This malware family is well known for being tricky to detect and remove because of its file-less design after infection. They infect your PCs so malware perpetrators can perform click-fraud and install additional malware on your machines. 

A trojan is a type of malware that can’t spread on its own. It relies on you to run them on your PC by mistake, or visit a hacked or malicious webpage.

They can steal your personal information, download more malware, or give a malicious hacker access to your PC.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

Find out ways that malware can get on your PC.

Alert level: severe