Views:

The crypto-ransomware family has the capability to encrypt files. After executing its malicious routine, some variants have been observed to delete themselves, leaving just the ransom note on the machine.

If your Trend Micro product detected just the ransom note, make sure your pattern is updated and perform a scan to look for the actual malware that dropped the ransom note. If there are no malware detected, look for possible undetected malware by running the ATTK collect tool: Using the Trend Micro Anti-Threat Toolkit to analyze malware issues and clean infections.

To know more about ransomware and the best practices to prevent this type of infection, refer to the following article: Ransomware: Trend Micro Solutions, Best Practice Configuration and Prevention.

Keywords: Crypto-ransomware,malware that encrypts important files,malware that holds files hostage,recover encrypted files,.txt ransom note,.html ransom note,.png ransom note,encrypted by crypto-ransomware malware,ransom note as Indicator of Compromise,ransom note