a bit off topic, how to find encrytped files (ransom attack)
Uwe Brauer
oub at mat.ucm.es
Thu Aug 4 18:58:57 CEST 2022
Hi
I apologize for this message that can be a bit off topic.
(I am on Ubuntu 16.04)
How can I find say encrypted files in my home directory? The idea is to
use some magic command together with the find command.
I know
1. The file command will return for example for a gpg encrypted file
file .authinfo.gpg
.authinfo.gpg: PGP RSA encrypted
2. However for X509 file I obtain
file test.p12
file.p12: data
3. I could use the ent command which measure the entropy, high
entropy is an indication of encryption (but jpg have also high
entropy). However I should then study the distribution of each
letter to be sure.
So is there any other way to run find and some other script to find
suspicious files? Google is not really helpful
Regards
Uwe Brauer
--
I strongly condemn Putin's war of aggression against the Ukraine.
I support to deliver weapons to Ukraine's military.
I support the ban of Russia from SWIFT.
I support the EU membership of the Ukraine.
More information about the Gnupg-users
mailing list