Ransom:Win32/Genasom.DR
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine or texting a premium-charge phone number to unlock your PC.
You can read more on our ransomware page.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Genasom.II
Microsoft Defender Antivirus detects and removes this threat.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:HTML/Genasom.E
Microsoft Defender Antivirus detects and removes this threat.
The threat is a HTML page used by the Ransom:Win32/Urausy.A ransomware trojan.
This threat stops you from loading Windows and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, do not pay it. The message is a fraud.
It tries to scare you into paying a fine to unlock your PC.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Stampado.A
Windows Defender AV detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/LockScreen
The threat locks your screen and prevents you from using your desktop. It shows you a message saying that if you want to regain access to your desktop, you have to pay a fine in the form of an SMS sent to a premium number.
This type of threat is known as ransomware.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Reveton.A
Microsoft Defender Antivirus detects and removes this threat.
This threat locks your PC and displays a full-screen message, commonly called a "lock screen". If this threat asks you to pay a fee or fine, don't pay it. The message is a fraud.
It pretends to be from your local police force and tries to scare you into paying a fine to unlock your PC.
It's likely your PC has also been infected with other malware from the Win32/Reveton family.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.
Ransom:Win32/Cryproto.A
Windows Defender detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
Our ransomware page has more information on this type of threat.
Ransom:Win32/Warik.A
Windows Defender detects and removes this threat.
This ransomware encrypts the files on your PC so you can't use them. It shows you a message that says you must pay for decryption software to get access to your files again.
It can be installed on your PC by other malware, or you might have downloaded it from a torrent or file sharing site, thinking it was something else.
See our ransomware page for more information about this type of threat, including ways to prevent it and how to recover your files.
Ransom:Win32/Cendode.A
Windows Defender detects and removes this threat.
This threat can encrypt your files and ask you for a payment to unlock them.
Ransom:Win32/Weelsof.C
Trojan:Win32/Weelsof.C is a trojan that connects to certain servers to download arbitrary files.
Ransom:Win32/Petya.B
Microsoft Defender Antivirus detects and removes this threat.
This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.
This ransomware has worm-like capabilities that allows it spread across infected networks. It's spreading capabilities include:
- Lateral movement using credential theft and impersonation
- Lateral movement using the EternalBlue and EternalRomance exploits
For more information on this threat, which caused an outbreak on Jun 27, 2017, read these blog posts on the Windows Security blog:
- Windows 10 platform resilience against the Petya ransomware attack
- New ransomware, old techniques: Petya adds worm capabilities
Our ransomware page has more information on this type of threat.
Ransom:Win32/Critroni.B
Windows Defender detects and removes this threat.
This threat locks your files and stops you from using them. It then shows you a message that tells you to pay money to get access to your files again.
It can be installed on your PC by TrojanDownloader:Win32/Dalexis, Spammer:Win32/Tedroo, by spam email or by exploit kits.
Ransom:Win32/Isda
Windows Defender detects and removes this threat.
The threat encrypts your files and asks you to contact the email provided in order to receive instructions on how to decrypt your files.
This threat can be bundled with other malware. It can also be downloaded when you click on a link in a spam email.
Find out ways that malware can get on your PC.
You can read more on our ransomware page.