a bit off topic, how to find encrypted files (ransom attack)

Uwe Brauer oub at mat.ucm.es
Thu Aug 4 18:58:57 CEST 2022



Hi 

I apologize for this message that can be a bit off topic.
(I am on Ubuntu 16.04)

How can I find say encrypted files in my home directory? The idea is to
use some magic command together with the find command.
I know

    1. The file command will return for example for a gpg encrypted file
       file .authinfo.gpg
       .authinfo.gpg: PGP RSA encrypted

    2. However, for an X509 file I obtain
       file test.p12
       file.p12: data

    3. I could use the ent command, which measures the entropy; high
       entropy is an indication of encryption (but jpg files also have
       high entropy). However, I should then study the distribution of
       each letter to be sure.

So is there any other way to run find and some other script to find
suspicious files? Google is not really helpful.

Regards

Uwe Brauer 



-- 
I strongly condemn Putin's war of aggression against the Ukraine.
I support to deliver weapons to Ukraine's military. 
I support the ban of Russia from SWIFT.
I support the EU membership of the Ukraine. 
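
The approach in item 3 of the message above, as an added example that is not part of the original post: it walks a directory, computes the Shannon entropy and a chi-square statistic of the byte distribution for the first 64 KiB of each file, and skips files that start with the magic bytes of common compressed formats. The thresholds, the sample size and the magic list are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# Magic prefixes of formats that are compressed, so high entropy is expected
# (JPEG, PNG, gzip, zip, bzip2, xz, 7z, PDF). Illustrative list, not exhaustive.
KNOWN_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"\x1f\x8b", b"PK\x03\x04",
               b"BZh", b"\xfd7zXZ", b"7z\xbc\xaf", b"%PDF")

def byte_stats(data):
    """Return (Shannon entropy in bits/byte, chi-square against uniform bytes)."""
    n = len(data)  # caller guarantees n > 0
    counts = Counter(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    expected = n / 256
    chi2 = sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))
    return entropy, chi2

def looks_encrypted(data, min_entropy=7.9, max_chi2=400.0):
    """Heuristic: near 8 bits/byte AND a byte histogram close to uniform.

    Thresholds are assumptions: for truly random bytes chi-square averages
    about 255 (255 degrees of freedom), compressed data usually scores higher.
    """
    if len(data) < 4096 or data.startswith(KNOWN_MAGIC):
        return False  # too small to judge, or a known compressed format
    entropy, chi2 = byte_stats(data)
    return entropy >= min_entropy and chi2 <= max_chi2

def scan(root, sample=65536):
    """Return paths under root whose first `sample` bytes look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_encrypted(data):
                hits.append(path)
    return hits

if __name__ == "__main__":
    for p in scan(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")):
        print(p)
```

Legitimately encrypted files (GnuPG output, PKCS#12 containers, encrypted archives) will be reported as well, so the list is a starting point for review, not a verdict.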




More information about the Gnupg-users mailing list