Were your files really encrypted?
Upload up to 5 suspicious files. We'll analyse the contents right here in your browser to check for signs of real encryption — or whether they're just fakes designed to make you pay.
Drop files here or click to browse
Up to 5 files, any type. Analysis reads only the first 1MB of each file.
Analysing...
How does this work?
This tool reads the raw bytes of your files and looks for three things:
- File signatures: Every file type has a unique fingerprint in its first few bytes. A JPEG always starts with
FF D8 FF, a PNG with89 50 4E 47. If we can still read this signature, the file hasn't been encrypted. - Entropy: Encrypted data looks completely random — it has very high entropy (close to 8.0 on a scale of 0-8). Normal files have much lower entropy. If a file's entropy is low, it's not encrypted.
- Null content: Some attackers create files filled entirely with zeros — empty placeholders. These have near-zero entropy and are instantly identifiable as fake.
Real encryption transforms data into something statistically indistinguishable from random noise. Fake "encryption" — like wiping files and replacing them with placeholders — leaves very different fingerprints.
Disclaimer: This tool provides an initial assessment based on file structure analysis. It is not a substitute for professional forensic examination. If you're dealing with a compromised device, contact us for a proper assessment.
Need Professional Help?
Results unclear? Let us take a proper look.
A file check is a starting point. A forensic assessment gives you the full picture.