Skip to main content
Skip to main content
Microsoft Security Intelligence
500 entries found. Displaying page 5 of 25.
Updated on Jun 08, 2017

Microsoft Defender Antivirus detects and removes this threat.

This ransomware encrypts the files on your PC and directs you to a webpage with instructions on how to unlock them. It asks you to make a payment using bitcoins.

Our family description Win32/Tescrypt has more details on this threat, and our ransomware page has more information on ransomware in general.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

You can also read more about ransomware on the Windows Security blog.

IT administrators can read this playbook on how enterprises can detect, investigate, and mitigate ransomware in networks:

Alert level: severe
Updated on Oct 10, 2022
Alert level: severe
Updated on Jun 20, 2024
Alert level: severe
Updated on Jun 20, 2024
Alert level: severe
Updated on Jun 20, 2024
Alert level: severe
Updated on Jun 20, 2024
Alert level: severe
Updated on Apr 17, 2016

Windows Defender detects and removes this threat.

This threat is a member of the Ransom: MSIL/Tarocrypt family.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware page has more information on this type of threat.

Alert level: severe
Updated on Aug 24, 2014

Windows Defender detects and removes this threat.

This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.

It pretends to be from the FBI or a national police force and tries to scare you into paying a fine to unlock your PC.

Typically, this threat gets on your PC when you visit a hacked webpage.

You can read more about this type on malware at the Ransom:Win32/Urausy family description or on our ransomware page.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jun 03, 2014

Ransom:Win32/Grymegat.A is a ransomware that locks your PC and displays a webpage that covers your desktop. This webpage demands the payment of a fine for the supposed possession of illicit material.

The trojan might make lasting changes to your PC that make it difficult for you to download, install, run, or update your virus protection. For specific recovery information, please see the relevant variant's entry in the encyclopedia and the Additional recovery instructions in this entry.

For more information on ransomware, please see our FAQ on ransomware.

Alert level: severe
Updated on Jun 04, 2014

Windows Defender detects and removes this threat.

This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.

It pretends to be from the FBI or a national police force and tries to scare you into paying a fine to unlock your PC.

Typically, this threat gets on your PC when you visit a hacked webpage.

You can read more about this type on malware at the Ransom:Win32/Urausy family description or on our ransomware page.

Alert level: severe
Updated on Jun 11, 2014

Windows Defender detects and removes this threat.

The threat might get into your PC through spam emails or by being downloaded by other malware.

It encrypts your files and holds them for ransom; it demands that you pay to get access to your files back. It might display a message that looks like this:

It can also lower your PC's security by changing certain settings.

Read more about threats like this in our ransomware page.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Oct 24, 2019

Microsoft Defender Antivirus detects and removes this threat.

This ransomware  renders files inaccessible by encrypting them. It is also usually spread by Trojan:Win32/Trickbot and Win32/Emotet malware families via phishing emails.

After encrypting files, this ransomware sets the desktop wallpaper and stops processes from running on your machine without your consent.

Find out ways that malware can get on your PC.  

Read our report about ransomware protection: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Microsoft Defender Antivirus detects and removes this threat.

This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.

It tries to scare you into paying a fine to unlock your PC.

You can read more on our ransomware page.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Microsoft Defender Antivirus detects and removes this threat.

This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.

It tries to scare you into paying a fine to unlock your PC.

You can read more on our ransomware page.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Microsoft Defender Antivirus detects and removes this threat.

This ransomware encrypts files and asks for ransom in exchange for decrypting files.

It is downloaded by TrojanDownloader:Win32/Cryxos.B.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender AV detects and removes this threat.

This ransomware searches for certain types of files and encrypts these files. It renames the encrypted files by appending the new extension name .firecrypt. For example, after it encrypts the file example.doc, it renames this file to example.doc.firecrypt.

Encrypted files are inaccessible unless victims pay a fee to attackers. We have samples that include a ransom note instructing victims to send bitcoins to an attacker-controlled email address.

This ransomware also attempts to connect to a legitimate website as part of a denial-of-service (DoS) attack against that site.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Microsoft Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Microsoft Defender Antivirus detects and removes this threat. 

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money (in the form of Bitcoins) to a malicious hacker.

This ransomware is installed by the Magnitude exploit kit, which used to deliver another prominent ransomware family, Cerber.

When run, this threat checks the machine's default system language. If the system language is Korean, it launches its malicious routines. Otherwise, self-deletes after three seconds.

It encrypts files using AES 128-bit and appends the file name extension .ihsdj to encrypted files.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jun 08, 2017

Microsoft security software detects and removes this threat.

This trojan stops you from using your PC by showing an alert message screen. This screen can include adult content and might ask you to pay a "fine" or fee to unlock your PC.

This threat also replaces important Windows system files with copies of itself.

Due to the damage this threat can do to your PC, you might need to reinstall some files from a Windows installation disc, or a backup source.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

Alert level: severe
Updated on Jun 08, 2017

Windows Defender detects and removes this threat.

This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.

It tries to scare you into paying a fine to unlock your PC.

Windows 10 protects you from ransomware. Read more:

Windows 10 Creators Update provides next-gen ransomware protection

You can read more about this type of threat on our ransomware page.

Alert level: severe