This means that the file is signed but as Kleopatra does not know the certificate with which the signature was made it can not check the signature. A signature with an unknown certificate is worthless. Anyone can create an OpenPGP key and sign anything.
You have to get the certificate from somewhere and import it. A classic method would be to search on a keyserver, but as those are not reliable sources nowadays, no keyserver is configured by default any more in Kleopatra. How one can configure one is described here: How do I import key when something like a certificate file isn't provided and instead a keyserver? - #2 by eebb
After import you have to check if the certificate belongs to the correct entity and after that certify it with your own secret key to document that you verified that. After that you can try to verify the signed data again.
We really need an updated Gpg4win compendium or other novice documentation…