Actual ransomware usually will have obvious indications (signs of infection
)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies
so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware
, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number
to call for assistance.
If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment and your data is not actually encrypted, then you most likely are dealing with something else.