Another thing to be aware of.
“There are a number of examples where true encryption doesn’t occur. Instead, cyber criminals rely on the social engineering edge of the attack to convince people to pay,” warns Grayson Milbourne, director of security intelligence at Webroot.So yet another reason to hate these guys.
Is it real or fake?
It takes only a few seconds to confirm whether it’s a real infection or a social engineering scam.
If the ransom demand includes the name of the ransomware, then there’s no mystery, and you're in trouble. Ransomware families that identify themselves include Linux.Encoder -- the first Linux-based ransomware -- which clearly says “Encrypted by Linux.Encoder.” CoinVault identifies itself by listing the support email address. TeslaCrypt and CTB-Locker are also among the well-known ransomware families that tell you who is holding your files hostage.. "
The only solution is to train yourself and your people so that they are not caught by real or fake ransom ware demands.
I think that finally there is something that would suck more than paying the ransom to get your files decrypted: paying the ransom to get your files decrypted when they were never encrypted at all.