: After encryption, a text file (often named ReadMe.txt ) is generated, demanding payment in cryptocurrency (Bitcoin) in exchange for a decryption key.

If you're dealing with an active infection, I can provide steps for or point you toward decryption tools .

on your encrypted files (if already infected)

: Beyond file encryption, it may attempt to disable security software, delete Shadow Volume Copies (preventing easy system restores), and establish persistence on the infected machine. Recommended Safety Actions

installed (e.g., Windows Defender, Malwarebytes) Availability of backups (cloud or external drives)

: Immediately delete the file and empty your recycle bin.