We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Ransom:Win32/Snake
Aliases: No associated aliases
Summary
The Snake ransomware first appeared in December 2019. It encrypts files on your device and can prevent you from accessing data and from using the device. It then displays a ransom note to demand payment in exchange for restoring access to the encrypted files.
This ransomware is deployed during human-operated ransomware campaigns. It deletes volume shadow copies of operating systems to prevent recovery in the case of backups. It encrypts not only data on local drives, but also data on shares and other network resources.
For more details and learn how to protect against ransomware, read these blogs:
Ransomware groups continue to target healthcare, critical services
There is no one-size-fits-all response if you have been victimized by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files. If you have already paid, see ransomware page for help on what to do now.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Micorsoft virus and malware community for more help.