Short bio

“Ransom.” is Malwarebytes’ detection name for ransomware, which is a category of malware that holds files or systems hostage for ransom. To learn more about ransomware, read our related blog content.


Typically, users will receive a notification (ransom note) that a threat actor has taken control of the system or the files. The note usually explains how to pay the ransom, how much it’s for, and how long users have to pay before their files are deleted.

Type and source of infection

Ransomware is a threat that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.

The most common infection vectors for ransomware are:

Malicious spam (malspam) emails that include booby-trapped PDF or Office documents
Exploit kits via malvertising (drive-by download)


Malwarebytes protects users from ransomware by using its anti-ransomware technology and real-time protection.


Malwarebytes can detect and remove {detection name} without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that All Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened, or by using Malwarebytes Ransomware Rollback technology.

Select your language