Actual ransomware usually will have obvious indications (signs of infection
)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies
so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware
, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number
to call for assistance.
If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment, your data is not actually encrypted and a phone number is provided to call, then you most likely are dealing with fake ransomware
, a fake web page in your browser
, some version of a Tech Support Scam
or something else.
For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams