Microsoft removed ransomware from 24,000 Windows computers this year. The removal took place through the Malicious Software Removal Tool (MSRT), the Windows built-in virus removal tool that is able to detect and remove most malware families. The 24,000 ransomware infections were mainly caused by four different variants that are distributed through email attachments and drive-by downloads. The four are Crowti, Critroni, Teerac and Tescrypt.
MSRT receives new signatures every month and then automatically scans the computer, mainly to detect and remove active malware. In contrary to e.g. Windows Defender, MSRT is no real-time defense against malware.
This year Microsoft added 29 signatures of new malware variants to MSRT, mainly ransomware as this is where the company especially focussed on the last couple of months. The company has decided to do so after it saw a large number of infections and because of the high impact on consumers and enterprises.
Earlier this year Microsoft checked hundreds of millions of PCs for Cryptowall, Reveton and Tescrypt ransomware. Until today the company didn't disclose of how many of those computers it actually removed ransomware.
