Microsoft checks hundreds of millions of PCs for CryptoWall and Reveton ransomware

Microsoft checked hundreds of millions Windows computers for ransomware this month. The check took place through the Malicious Software Removal Tool (MSRT), the built-in virus removal tool that is able to detect and remove most malware families.


The tool is updated each month to be able to detect new malware families. Simultaneously MSRT  also scans the computer for these families. This month Microsoft released an update that can detect Crowti/CryptoWall and Reveton ransomware on computers.

CryptoWall distributes through email attachments and can be bundled with all kinds of other malware and exploit kits. In May and June Microsoft detected about 300,000 computers that were infected with CryptoWall. Once the malware becomes active it will encrypt all kinds of files and then asks a ransom to decrypt them. Infections with the ransomware were mainly discovered in the United States and Brazil.

Microsoft warns users to not open any suspicious email attachments. The software giant also underlines that there’s no guarantee that after paying the ransom users regain access to their files or that their PC will fully recover. Microsoft therefore advises to not pay the ransom. Using File History it should also be possible to get files back on an infected computer.

The second ransomware family that Microsoft targets with MSRT is Reveton. This family has been the target of the virus removal tool before. The Reveton ransomware locks computers and then shows a warning that appears to be coming from the FBI of local police. According to the warning the user has committed a crime and needs to pay a fine. In this case it’s only a warning, files are not encrypted by Reveton.