Check Files For Encryption

TL;DR

This guide shows you how to quickly check if files on your computer are encrypted using simple tools and techniques. We’ll cover methods for Windows, macOS, and Linux.

Checking for Encryption: A Step-by-Step Guide

  1. Understand What You’re Looking For
    • Encrypted files aren’t readable without a password or key. They often have unusual file extensions (e.g., .aes, .locky) or no extension at all.
    • Look for ransom notes – these are common with ransomware attacks that encrypt your files.
  2. Windows: Using File Properties
    1. Right-click the file you suspect is encrypted.
    2. Select ‘Properties’.
    3. Go to the ‘General’ tab.
    4. Look at the ‘Attributes’ section. If it says ‘Hidden’, ‘System’, or ‘Read-only’, this *could* indicate encryption, but isn’t definitive.
  3. Windows: Using PowerShell (Advanced)

    PowerShell can help identify file types and potentially encrypted files.

    Get-FileHash -Path "C:\path\to\your\file.ext" | Format-List

    Examine the ‘Algorithm’ field. Common encryption algorithms include SHA256, SHA512, and MD5 (though MD5 is less secure now). This doesn’t *prove* encryption but gives a clue.

  4. macOS: Using Get Info
    1. Select the file in Finder.
    2. Press Command + I (or right-click and choose ‘Get Info’).
    3. Look at the ‘General’ section for size, kind of file, and permissions. Unusual sizes or file types can be a sign.
  5. macOS: Using Terminal (Advanced)

    The file command can identify file types.

    file /path/to/your/file.ext

    If the output says something like ‘encrypted data’ or an unusual format, it’s worth investigating further.

  6. Linux: Using the file Command

    Open a terminal and use the file command:

    file /path/to/your/file.ext

    Similar to macOS, look for output indicating ‘encrypted data’ or an unexpected file type.

  7. Linux: Using stat Command

    The stat command shows detailed file information including permissions and access times. Unusual permission settings might indicate encryption.

    stat /path/to/your/file.ext

  8. Scanning with Antivirus/Anti-malware Software
    • Run a full system scan with your antivirus software. Many programs can detect ransomware and other malware that encrypts files.
    • Make sure your antivirus definitions are up to date.
  9. Checking for Common Encryption Extensions

    Search your computer for files with these extensions:

    • .aes
    • .locky
    • .crypt
    • .encrypted
    • .ecc
    • .ransom
  10. What to Do If You Find Encrypted Files
    • Do not pay the ransom! There’s no guarantee you’ll get your files back, and it encourages criminals.
    • Disconnect your computer from the internet to prevent further spread of malware.
    • Report the incident to your local cyber security authorities.
    • Consider restoring from a backup (if you have one). This is the best solution.
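
The extension search under ‘Checking for Common Encryption Extensions’ can be scripted on all three platforms. The following is an added example, not part of the original guide: it walks a folder, flags files whose extension is on the list above, and also measures byte entropy so that files encrypted in place under their old name are caught too. The 7.5 bits/byte threshold, the 64 KiB sample size and the sample file names are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions listed in this guide.
SUSPECT_EXTENSIONS = {".aes", ".locky", ".crypt", ".encrypted", ".ecc", ".ransom"}
# Assumed cut-off: random-looking data scores close to 8 bits per byte.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read, to keep scans fast

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def scan(root):
    """Return {path: (has_suspect_extension, entropy)} for files worth a closer look."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                sample = fh.read(SAMPLE_BYTES)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the scan
        ext_hit = path.suffix.lower() in SUSPECT_EXTENSIONS
        entropy = shannon_entropy(sample)
        if ext_hit or entropy >= ENTROPY_THRESHOLD:
            findings[str(path)] = (ext_hit, round(entropy, 2))
    return findings

def demo():
    """Scan constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"meeting at ten\n" * 200)
        (root / "report.docx.locky").write_bytes(b"placeholder")
        # Random bytes stand in for a text file encrypted in place (name unchanged).
        (root / "ledger.csv").write_bytes(os.urandom(8192))
        return {Path(p).name: v for p, v in scan(root).items()}

if __name__ == "__main__":
    for name, (ext_hit, entropy) in sorted(demo().items()):
        print(f"{name}: suspect_extension={ext_hit} entropy={entropy}")
```

High entropy alone is not proof: ZIP, JPEG, DOCX and other compressed formats score just as high, so treat an entropy hit as a reason to inspect the file with the file command, not as a verdict.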