Ransom.

detection icon

Short bio

Ransom. is Malwarebytes’ detection name for ransomware, which is a category of malware that holds files or systems hostage for ransom.

Symptoms

Typically, users will receive a notification (ransom note) that a threat actor has taken control of the system or the files. The note usually explains how to pay the ransom, how much it’s for, and how long users have to pay before their files are deleted.

Type and source of infection

Ransomware is a threat that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.

The most common infection vectors for ransomware are:

Malicious spam (malspam) emails that include booby-trapped PDF or Office documents Exploit kits via malvertising (drive-by download)

Protection

Malwarebytes protects users from ransomware by using its anti-ransomware technology and real-time protection.

Remediation

Malwarebytes can detect and remove ransomware without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened, or by using Malwarebytes Ransomware Rollback technology.