Netflix Ransomware is a ransomware Trojan that uses the temptation of free access to Netflix to trick computer users into allowing it to run its encryption routine. 

Netflix Ransomware, like other ransomware Trojans, is designed to encrypt victims' files, making them inaccessible. After taking the victim's files hostage, the Netflix Ransomware demands the payment of a ransom to obtain the decryption key necessary to recover the affected files.

Payload

Transmission

Netflix Ransomware may be delivered to a computer by tricking computer users into downloading an application named 'Netflix Login Generator.' As its name implies, this program claims that it will produce a free account so that computer users can access Netflix without having to pay.

Computer users who fell for this tactic granted the program administrative privileges and ran it on their computers. This ploy, a tactic that is not uncommon in threat delivery mechanisms, results in a successful encryption attack on the victim's computer.

Infection

After encrypting the victim's files, the Netflix Ransomware displays a message containing the Netflix logo. This lock screen alerts the victim to the attack and demands the payment of a ransom. The full message of the Netflix Ransomware lock screen is displayed below:

Locked
Data on your device has been locked
Follow the instructions to unlock your data
Open 'Instructions.txt' on your Desktop.

carrying the Netflix logo, cyber security analysts revealed that the Trojan features screen lock functions.

Netflix Ransomware is classified as a screen locker because of the message it displays. However, PC security analysts have received reports that the Netflix Ransomware also has encryption functions that allow it to make the victims' files inaccessible. The combination of encryption, screen locker, and a successful social engineering tactic makes the Netflix Ransomware particularly effective at what it does.

After the victim installs the Netflix Ransomware, thinking that it will give them free access to Netflix, the Netflix Ransomware makes changes to the Windows Registry that allow it to run during startup and encrypt the victim's files automatically while displaying its lock screen. In the Netflix Ransomware's text file, victims are instructed to go to a Web page on TOR and follow the payment instructions displayed on it. Different versions of the Netflix Ransomware demand different ransom amounts, which are paid using Bitcoin, an anonymous online currency.
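One way to review a machine for the startup persistence described above, as an added example that is not part of the original article: it parses `reg query` output for the Windows Run keys and flags autorun entries that launch from user-writable folders or mention the lure name. The article does not say which registry key the Trojan uses, so the Run keys, the sample entries and the keyword list are assumptions.

```python
import re

# Folders a standard user can write to; autoruns launching from here deserve review.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\", "\\users\\public\\")
LURE_WORDS = ("netflix",)  # taken from the lure name in the article; an assumed heuristic

# Constructed sample of `reg query <Run key>` output, not captured from a real infection.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\svc\updater.exe
    NLG    REG_EXPAND_SZ    "%USERPROFILE%\Downloads\Netflix Login Generator.exe" -s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, command) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()

def review_autoruns(text):
    """Return autorun entries that start from user-writable paths or match a lure word."""
    findings = []
    for key, name, command in parse_reg_query(text):
        lowered = command.lower()
        reasons = []
        if any(d in lowered for d in USER_WRITABLE):
            reasons.append("user-writable path")
        if any(w in lowered or w in name.lower() for w in LURE_WORDS):
            reasons.append("lure keyword")
        if reasons:
            findings.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review_autoruns(SAMPLE):
        print(f"{f['key']} :: {f['name']} -> {f['command']} [{', '.join(f['reasons'])}]")
```

A flagged entry is a lead for review, not a verdict: legitimate software also registers autoruns under AppData.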
