Typically what ransomware does is add an extension to the file (like ".encrypted"), and then has a whitelist of extensions to actually encrypt.
Not a member of The Register?
Create a new account
Remember me on this computer?
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2020