Microsoft Security Intelligence
Published Nov 14, 2022 | Updated Jul 28, 2023

Ransom:Win32/IndustrialSpy!MTB

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

This is a detection for ransomware that steals and encrypts files to extort the victim. If the payments are not made in time, the threat actors will sell the stolen data on the marketplace called Industrial Spy. The ransomware uses Triple DES (3DES) to encrypt files.

For information about Industrial Spy and other human-operated ransomware campaigns, read these blog posts: 

There is no one-size-fits-all response if you have been victimized by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files.

It is recommended to remove the infected device from the network.

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
