Windows 8 Not Immune to Ransomware

Cybercriminals have for some time now recognized that ransomware can be a highly profitable endeavor. This has led to a significant increase of different ransomware in the wild with no sign of it leaving the threat landscape anytime soon.

So, how effective is ransomware on Windows 8 compared to other operating systems? To answer this question, Symantec ran several prevalent ransomware samples currently found in the wild in a default Windows 8 environment. While some samples ran poorly on Windows 8, it did not take long to find a ransomware variant (Trojan.Ransomlock.U) that successfully locked a Windows 8 system, effectively holding it to ransom.

Figure. Ransomware-locked Windows 8 system

The Trojan.Ransomlock.U variant uses the geolocation of the compromised system to serve localized ransomware screens in the appropriate language. While the ransonware running on Windows 8 correctly identified our location, the cybercriminals in this case must not have realized that English is the main language spoken in Ireland (less than 15 percent of the population is actually able to read Irish language). Their ingenuity in this case has lowered the chance of the ransom attempt being successful.

As more users adopt Windows 8, Symantec expects to see more malware targeting this new environment. Symantec will continue to actively monitor the threat landscape to ensure protection against any new threats.

For a detailed investigation into ransomware variants, please see our ransomware whitepaper.


If you are affected by any ransomware scam—do not pay the ransom. Instead, follow our removal steps and watch our video for additional help.