Ransom:Win32/HydraCrypt.A

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus detects and removes this threat. This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to malicious hacker.

We have seen this threat distributed by exploit kits (Neutrino, Axpergle, and Exploit:Win32/CVE-2016-0034), and through URLs embedded in spam emails that points to malicious macro downloaders.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.

If you've already paid, see our ransomware page for help on what to do now.

Run antivirus or antimalware software

Use the following free Microsoft software to detect and remove this threat:

Windows Defender for Windows 8.1 and Windows 10, or Microsoft Security Essentials for Windows 7 and Windows Vista
Microsoft Safety Scanner

You should also run a full scan. A full scan might find hidden malware.

Advanced troubleshooting

To restore your PC, you might need to download and run Windows Defender Offline. See our advanced troubleshooting page for more help.

You can also ask for help from other PC users at the Microsoft virus and malware community.

If you’re using Windows XP, see our Windows XP end of support page.

Use cloud protection

The Microsoft Active Protection Service (MAPS) uses cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.

Check if MAPS is enabled on your PC

Get more help

You can also see our advanced troubleshooting page for more help or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

0	ce1	edb	hplg	mgcb	pi1	save	udb
36	ce2	efd	hpp	mgmf	pi2	say	ufo
411	cer	egc	hs	mgmt	pi3	sb	ufr
1cd	cf	eio	htc	mgmx	pic	sbf	uga
1pa	cfg	eip	html	mgtx	pict	scad	unauth
1st	cfp	eit	hvpl	min	pip	scan	unity
2bp	cfr	email	hwp	mkv	pix	scc	unrec
3dm	cfu	emd	hz	mlx	pjpeg	sci	unx
3ds	cgm	emf	i3d	mmat	pjpg	scm	uof
3fr	chart	eml	ib	mmw	pjt	scriv	uot
3g2	chord	emlx	ibd	mng	pkpass	scrivx	upd
3gp	cimg	ep	icn	mnr	pl	sct	upk
4db	cin	epf	icpr	mnt	pl	scv	usertile-ms
4dl	cit	epk	icxs	mobi	plantuml	scw	usr
4mp	ckp	epp	idc	mos	plc	sd0	utf8
73i	class	eps	idea	mov	plt	sda	utxt
7z	clkw	epsf	idx	movie	pm	sdb	v12
8xi	cls	eql	igt	mp3	pmg	sdf	v30
9png	cma	erf	igx	mp4	png	sdm	vault
a3d	cmt	err	ihx	mpf	pni	sdoc	vbr
ab4	cmx	esm	iif	mpg	pnm	sdw	vcf
abm	cnm	etf	iil	mpo	pntg	sep	vct
abs	cnt	etx	iiq	mpp	pnz	set	vda
abw	cnv	euc	imd	mpqge	pobj	sfc	vdb
accdb	colz	exf	indd	mrg	pop	sfera	vdf
accdc	cpc	exr	info	mrw	pot	sfw	vec
accde	cpd	fadein	ink	mrwref	potm	sgm	vff
accdr	cpg	fal	int	mrxs	potx	sid	vfs0
accdt	cpi	faq	ipf	msg	pp4	sidd	vml
accdw	cpp	fax	ipx	mso	pp5	sidn	vnt
accft	cps	fb2	itc2	mt9	ppam	sie	vob
ach	cpt	fb3	itdb	mte	ppm	sig	vpd
act	cpx	fbl	itl	mud	pps	sis	vpe
adb	cr2	fbx	itm	mwb	ppsm	sk1	vpk
adn	craw	fcd	itw	mwp	ppsx	sk2	vpp_pc
adp	crd	fcf	iwd	mx0	ppt	skcard	vrml
ads	crt	fdb	iwi	mxl	pptm	skm	vrp
af2	crw	fdf	j	myd	pptx	sla	vsd
af3	crwl	fdr	j2c	myl	prf	slagz	vsdm
aft	cs	fds	j2k	ncf	prt	sld	vsdx
afx	csh	fdt	jarvis	ncr	prw	sldasm	vsm
agif	csl	fdx	jas	nct	ps	slddrt	vst
agp	css	fdxt	java	nd	psafe3	sldprt	vstm
ahd	csv	fes	jb2	ndd	psd	slm	vstx
ai	csy	ff	jbig	ndf	psdx	sls	vsx
ai	ct	ffd	jbig2	nef	pse	smf	vtf
aic	cv5	fff	jbmp	nfo	psid	smil	vtx
aif	cvg	fft	jbr	njx	psk	sms	vue
aim	cvi	fh	jfif	nk2	psp	snagitstamps	vw
ait	cvs	fh10	jia	nlm	pspbrush	snagstyles	w3x
al	cvx	fh11	jis	notes	pspimage	snp	wallet
albm	cwt	fh3	jng	now	pst	snx	wav
alf	cxf	fh4	joe	nrw	psw	sob	wb1
ani	cyi	fh5	jp1	ns2	ptg	spa	wb2
ans	d3dbsp	fh6	jp2	ns3	pth	spe	wbc
apd	dac	fh7	jpe	ns4	ptx	sph	wbd
apj	daconnections	fh8	jpeg	nsd	pu	spj	wbk
apk	dacpac	fhd	jpg	nsf	pub	spp	wbm
apm	dad	fic	jpg2	nsg	puz	spq	wbmp
apng	dadiagrams	fid	jps	nsh	pvj	spr	wbz
aps	daf	fif	jpx	ntl	pvm	sqb	wcf
apt	das	fig	jrtf	nv2	pvr	sql	wdb
apx	daschema	fil	js	nwb	pwa	sqlite	wdp
arch00	dat	fim	jtf	nwctxt	pwi	sqlite3	webdoc
art	dazip	fla	jtx	nx1	pwr	sqlitedb	webp
artwork	db	flac	jwl	nx2	px	sr2	wgz
arw	db0	flc	jxr	nyf	pxr	srf	wire
as	db2	fli	k2p	nzb	py	srt	wll
asc	db3	flr	kdb	obj	pz3	srw	wma
ascii	dba	flv	kdbx	oc3	pza	ssa	wmdb
ase	dbc	fm	kdc	oc4	pzp	ssfn	wmf
asf	dbf	fm5	kdi	oc5	pzs	ssk	wmo
ask	dbk	fmp	kdk	oce	qba	st	wmv
asm	dbr	fmp12	kes	oci	qbbackup	st4	wn
asp	dbs	fmpsl	key	ocr	qbi	st5	wotreplay
asset	db-shm	fmv	kf	odb	qbo	st6	wp
asw	dbt	fodt	kic	odc	qbp	st7	wp4
asx	dbv	fol	klg	odf	qbr	st8	wp5
asy	db-wal	forge	knt	odg	qbsdk	stc	wp6
aty	dbx	fos	kon	odm	qbt	std	wp7
avatar	dc2	fountain	kpg	odp	qbw	ste	wpa
awdb	dca	fp3	kwd	ods	qbwin	sti	wpb
awp	dcb	fp4	laccdb	odt	qby	stm	wpd
awt	dcr	fp5	latex	ofl	qdf	stn	wpe
aww	dcs	fp7	layout	oft	qdl	stp	wpg
azz	dct	fpk	lbf	oil	qmg	str	wpl
back	dcx	fpos	lbm	omf	qpd	strings	wps
backup	ddd	fpt	lbt	one	qpx	stw	wpt
bad	ddl	fpx	lgb	openbsd	qry	stx	wpw
bak	ddoc	frt	lgc	oplc	qsm	sty	wri
bank	dds	fsh	lis	oqy	qss	sub	wsc
bar	ded	ft10	lit	ora	qst	sum	wsd
bay	der	ft11	litemod	orf	qvd	sumo	wsh
bbs	des	ft7	ljp	orto	qwc	sva	wtx
bc6	desc	ft8	lmk	orx	r3d	svf	wvl
bc7	design	ft9	lnt	ota	rad	svg	x
bd	df1	ftn	log	otg	raf	svgz	x11
bdb	dgc	fwdn	lp2	oth	rar	swf	x3d
bdp	dgn	fx0	lrc	oti	ras	sxc	x3f
bdr	dgs	fx1	lrf	otp	rat	sxd	xar
bean	dgt	fxc	lst	ots	raw	sxg	xbdoc
bgt	dhs	fxg	ltr	ovp	raw	sxi	xbplate
bib	dib	fxr	ltx	ovr	rb	sxm	xdb
big	diz	fzb	lua	owc	rctd	sxw	xdl
bik	djv	fzv	lue	owg	rcu	syncdb	xf
bkf	djvu	g3	luf	oyx	rdb	syncmanagerlogger	xhtm
bkp	dm3	gcdp	lvl	ozb	rdl	t12	xla
blend	dmi	gdb	lwo	ozj	re4	t13	xlam
blkrt	dmo	gdoc	lwp	ozt	readme	t2b	xlb
blob	dmp	gdraw	lws	p12	rft	tab	xlc
bm2	dnc	gem	lxfml	p7b	rgb	tar	xld
bmp	dne	geo	lyt	p7c	rgf	tax	xlf
bmx	dng	gfb	lyx	p7s	rgss3a	tb0	xlgc
bmz	do	gfie	m	p96	rib	tbn	xll
bna	doc	ggr	m2	p97	ric	tcx	xlm
bnd	docm	ghoc	m3d	pages	riff	tdf	xlr
boc	docx	gif	m3u	pak	rim	tdt	xls
bok	docxml	gih	m4a	pal	ris	te	xlsb
bpw	docz	gim	m4v	pan	rix	teacher	xlsm
brk	dot	gio	ma	pano	rle	temp1234	xlsx
brn	dotm	glox	mac	pap	rli	tex	xlt
brt	dotx	gmbck	maf	pas	rm	text	xltm
bsa	dp1	gmspr	mam	pat	rng	tfc	xltx
bss	dpp	gpd	man	pbm	rofl	tg4	xlw
btd	dpx	gpn	map	pbo	rpd	tga	xmind
bti	dqy	gray	maq	pc1	rpf	thm	xml
btr	drf	grey	mar	pc2	rpt	thp	xmlx
byu	drw	gro	mat	pc3	rri	thumb	xmmap
bzabw	drz	grob	maw	pcd	rs	tif	xpm
c	dsk	grs	max	pcd	rsb	tiff	xpp
c4	dsn	grw	mb	pcs	rsd	tjp	xps
c4d	dsv	gry	mbm	pct	rsr	tlb	xsn
cal	dt	gsd	mbox	pcx	rst	tlc	xwp
cals	dt2	gthr	mcl	pdb	rt	tm	xxx
can	dta	gtp	mcmeta	pdd	rtd	tm2	xy3
cd5	dtd	gv	md5txt	pdf	rtf	tmd	xyp
cdb	dtsx	gwi	mdb	pdm	rtp	tmp	xyw
cdc	dtw	gz	mdbackup	pdn	rtx	tmv	y
cdf	dvi	h	mdbhtml	pe4	run	tmx	yal
cdg	dvl	hbk	mdc	pef	rw2	tn	ybk
cdmm	dwg	hdb	mddata	pem	rwl	tne	yml
cdmt	dx	hdp	mde	pfd	rwz	tor	ysp
cdmtz	dxb	hdr	mdf	pff	rzk	tpc	yuv
cdmz	dxf	hht	mdn	pfi	rzn	tpi	z3d
cdr	dxg	his	mdt	pfs	s2mv	trelby	zabw
cdr3	dxl	hkdb	me	pfv	s3m	trm	zdb
cdr4	ebd	hkx	mef	pfx	saf	tt	zdc
cdr6	ecml	hpg	mell	pgf	safetext	tvj	zif
cdrw	eco	hpgl	menu	pgm	sai	txt	zip
cdt	ecw	hpi	mft	phm	sam	u3d	ztmp
cdx	ecx	hpl	mfw	php	sas7bdat	u3i	zw

0	ce1	edb	hplg	mgcb	pi1	save	udb
36	ce2	efd	hpp	mgmf	pi2	say	ufo
411	cer	egc	hs	mgmt	pi3	sb	ufr
1cd	cf	eio	htc	mgmx	pic	sbf	uga
1pa	cfg	eip	html	mgtx	pict	scad	unauth
1st	cfp	eit	hvpl	min	pip	scan	unity
2bp	cfr	email	hwp	mkv	pix	scc	unrec
3dm	cfu	emd	hz	mlx	pjpeg	sci	unx
3ds	cgm	emf	i3d	mmat	pjpg	scm	uof
3fr	chart	eml	ib	mmw	pjt	scriv	uot
3g2	chord	emlx	ibd	mng	pkpass	scrivx	upd
3gp	cimg	ep	icn	mnr	pl	sct	upk
4db	cin	epf	icpr	mnt	pl	scv	usertile-ms
4dl	cit	epk	icxs	mobi	plantuml	scw	usr
4mp	ckp	epp	idc	mos	plc	sd0	utf8
73i	class	eps	idea	mov	plt	sda	utxt
7z	clkw	epsf	idx	movie	pm	sdb	v12
8xi	cls	eql	igt	mp3	pmg	sdf	v30
9png	cma	erf	igx	mp4	png	sdm	vault
a3d	cmt	err	ihx	mpf	pni	sdoc	vbr
ab4	cmx	esm	iif	mpg	pnm	sdw	vcf
abm	cnm	etf	iil	mpo	pntg	sep	vct
abs	cnt	etx	iiq	mpp	pnz	set	vda
abw	cnv	euc	imd	mpqge	pobj	sfc	vdb
accdb	colz	exf	indd	mrg	pop	sfera	vdf
accdc	cpc	exr	info	mrw	pot	sfw	vec
accde	cpd	fadein	ink	mrwref	potm	sgm	vff
accdr	cpg	fal	int	mrxs	potx	sid	vfs0
accdt	cpi	faq	ipf	msg	pp4	sidd	vml
accdw	cpp	fax	ipx	mso	pp5	sidn	vnt
accft	cps	fb2	itc2	mt9	ppam	sie	vob
ach	cpt	fb3	itdb	mte	ppm	sig	vpd
act	cpx	fbl	itl	mud	pps	sis	vpe
adb	cr2	fbx	itm	mwb	ppsm	sk1	vpk
adn	craw	fcd	itw	mwp	ppsx	sk2	vpp_pc
adp	crd	fcf	iwd	mx0	ppt	skcard	vrml
ads	crt	fdb	iwi	mxl	pptm	skm	vrp
af2	crw	fdf	j	myd	pptx	sla	vsd
af3	crwl	fdr	j2c	myl	prf	slagz	vsdm
aft	cs	fds	j2k	ncf	prt	sld	vsdx
afx	csh	fdt	jarvis	ncr	prw	sldasm	vsm
agif	csl	fdx	jas	nct	ps	slddrt	vst
agp	css	fdxt	java	nd	psafe3	sldprt	vstm
ahd	csv	fes	jb2	ndd	psd	slm	vstx
ai	csy	ff	jbig	ndf	psdx	sls	vsx
ai	ct	ffd	jbig2	nef	pse	smf	vtf
aic	cv5	fff	jbmp	nfo	psid	smil	vtx
aif	cvg	fft	jbr	njx	psk	sms	vue
aim	cvi	fh	jfif	nk2	psp	snagitstamps	vw
ait	cvs	fh10	jia	nlm	pspbrush	snagstyles	w3x
al	cvx	fh11	jis	notes	pspimage	snp	wallet
albm	cwt	fh3	jng	now	pst	snx	wav
alf	cxf	fh4	joe	nrw	psw	sob	wb1
ani	cyi	fh5	jp1	ns2	ptg	spa	wb2
ans	d3dbsp	fh6	jp2	ns3	pth	spe	wbc
apd	dac	fh7	jpe	ns4	ptx	sph	wbd
apj	daconnections	fh8	jpeg	nsd	pu	spj	wbk
apk	dacpac	fhd	jpg	nsf	pub	spp	wbm
apm	dad	fic	jpg2	nsg	puz	spq	wbmp
apng	dadiagrams	fid	jps	nsh	pvj	spr	wbz
aps	daf	fif	jpx	ntl	pvm	sqb	wcf
apt	das	fig	jrtf	nv2	pvr	sql	wdb
apx	daschema	fil	js	nwb	pwa	sqlite	wdp
arch00	dat	fim	jtf	nwctxt	pwi	sqlite3	webdoc
art	dazip	fla	jtx	nx1	pwr	sqlitedb	webp
artwork	db	flac	jwl	nx2	px	sr2	wgz
arw	db0	flc	jxr	nyf	pxr	srf	wire
as	db2	fli	k2p	nzb	py	srt	wll
asc	db3	flr	kdb	obj	pz3	srw	wma
ascii	dba	flv	kdbx	oc3	pza	ssa	wmdb
ase	dbc	fm	kdc	oc4	pzp	ssfn	wmf
asf	dbf	fm5	kdi	oc5	pzs	ssk	wmo
ask	dbk	fmp	kdk	oce	qba	st	wmv
asm	dbr	fmp12	kes	oci	qbbackup	st4	wn
asp	dbs	fmpsl	key	ocr	qbi	st5	wotreplay
asset	db-shm	fmv	kf	odb	qbo	st6	wp
asw	dbt	fodt	kic	odc	qbp	st7	wp4
asx	dbv	fol	klg	odf	qbr	st8	wp5
asy	db-wal	forge	knt	odg	qbsdk	stc	wp6
aty	dbx	fos	kon	odm	qbt	std	wp7
avatar	dc2	fountain	kpg	odp	qbw	ste	wpa
awdb	dca	fp3	kwd	ods	qbwin	sti	wpb
awp	dcb	fp4	laccdb	odt	qby	stm	wpd
awt	dcr	fp5	latex	ofl	qdf	stn	wpe
aww	dcs	fp7	layout	oft	qdl	stp	wpg
azz	dct	fpk	lbf	oil	qmg	str	wpl
back	dcx	fpos	lbm	omf	qpd	strings	wps
backup	ddd	fpt	lbt	one	qpx	stw	wpt
bad	ddl	fpx	lgb	openbsd	qry	stx	wpw
bak	ddoc	frt	lgc	oplc	qsm	sty	wri
bank	dds	fsh	lis	oqy	qss	sub	wsc
bar	ded	ft10	lit	ora	qst	sum	wsd
bay	der	ft11	litemod	orf	qvd	sumo	wsh
bbs	des	ft7	ljp	orto	qwc	sva	wtx
bc6	desc	ft8	lmk	orx	r3d	svf	wvl
bc7	design	ft9	lnt	ota	rad	svg	x
bd	df1	ftn	log	otg	raf	svgz	x11
bdb	dgc	fwdn	lp2	oth	rar	swf	x3d
bdp	dgn	fx0	lrc	oti	ras	sxc	x3f
bdr	dgs	fx1	lrf	otp	rat	sxd	xar
bean	dgt	fxc	lst	ots	raw	sxg	xbdoc
bgt	dhs	fxg	ltr	ovp	raw	sxi	xbplate
bib	dib	fxr	ltx	ovr	rb	sxm	xdb
big	diz	fzb	lua	owc	rctd	sxw	xdl
bik	djv	fzv	lue	owg	rcu	syncdb	xf
bkf	djvu	g3	luf	oyx	rdb	syncmanagerlogger	xhtm
bkp	dm3	gcdp	lvl	ozb	rdl	t12	xla
blend	dmi	gdb	lwo	ozj	re4	t13	xlam
blkrt	dmo	gdoc	lwp	ozt	readme	t2b	xlb
blob	dmp	gdraw	lws	p12	rft	tab	xlc
bm2	dnc	gem	lxfml	p7b	rgb	tar	xld
bmp	dne	geo	lyt	p7c	rgf	tax	xlf
bmx	dng	gfb	lyx	p7s	rgss3a	tb0	xlgc
bmz	do	gfie	m	p96	rib	tbn	xll
bna	doc	ggr	m2	p97	ric	tcx	xlm
bnd	docm	ghoc	m3d	pages	riff	tdf	xlr
boc	docx	gif	m3u	pak	rim	tdt	xls
bok	docxml	gih	m4a	pal	ris	te	xlsb
bpw	docz	gim	m4v	pan	rix	teacher	xlsm
brk	dot	gio	ma	pano	rle	temp1234	xlsx
brn	dotm	glox	mac	pap	rli	tex	xlt
brt	dotx	gmbck	maf	pas	rm	text	xltm
bsa	dp1	gmspr	mam	pat	rng	tfc	xltx
bss	dpp	gpd	man	pbm	rofl	tg4	xlw
btd	dpx	gpn	map	pbo	rpd	tga	xmind
bti	dqy	gray	maq	pc1	rpf	thm	xml
btr	drf	grey	mar	pc2	rpt	thp	xmlx
byu	drw	gro	mat	pc3	rri	thumb	xmmap
bzabw	drz	grob	maw	pcd	rs	tif	xpm
c	dsk	grs	max	pcd	rsb	tiff	xpp
c4	dsn	grw	mb	pcs	rsd	tjp	xps
c4d	dsv	gry	mbm	pct	rsr	tlb	xsn
cal	dt	gsd	mbox	pcx	rst	tlc	xwp
cals	dt2	gthr	mcl	pdb	rt	tm	xxx
can	dta	gtp	mcmeta	pdd	rtd	tm2	xy3
cd5	dtd	gv	md5txt	pdf	rtf	tmd	xyp
cdb	dtsx	gwi	mdb	pdm	rtp	tmp	xyw
cdc	dtw	gz	mdbackup	pdn	rtx	tmv	y
cdf	dvi	h	mdbhtml	pe4	run	tmx	yal
cdg	dvl	hbk	mdc	pef	rw2	tn	ybk
cdmm	dwg	hdb	mddata	pem	rwl	tne	yml
cdmt	dx	hdp	mde	pfd	rwz	tor	ysp
cdmtz	dxb	hdr	mdf	pff	rzk	tpc	yuv
cdmz	dxf	hht	mdn	pfi	rzn	tpi	z3d
cdr	dxg	his	mdt	pfs	s2mv	trelby	zabw
cdr3	dxl	hkdb	me	pfv	s3m	trm	zdb
cdr4	ebd	hkx	mef	pfx	saf	tt	zdc
cdr6	ecml	hpg	mell	pgf	safetext	tvj	zif
cdrw	eco	hpgl	menu	pgm	sai	txt	zip
cdt	ecw	hpi	mft	phm	sam	u3d	ztmp
cdx	ecx	hpl	mfw	php	sas7bdat	u3i	zw

Ransom:Win32/HydraCrypt.A

Summary

What to do now

Run antivirus or antimalware software

Advanced troubleshooting

Use cloud protection

Get more help

Technical information

Threat behavior

Installation

Payload

Prevention

Symptoms