a bit off topic, how to find encrytped files (ransom attack)
Jan Eden
tech at eden.one
Thu Aug 4 20:20:42 CEST 2022
Hi,
I just check for a list of ransomware filename patterns (e.g.
*.cryptotorlocker*).
Best regards,
Jan
On 2022-08-04 18:58, Uwe Brauer via Gnupg-users wrote:
>
>
> Hi
>
> I apologize for this message that can be a bit off topic.
> (I am on Ubuntu 16.04)
>
> How can I find say encrypted files in my home directory? The idea is to
> use some magic command together with the find command.
> I know
>
> 1. The file command will return for example for a gpg encrypted file
> file .authinfo.gpg
> .authinfo.gpg: PGP RSA encrypted
>
> 2. However for X509 file I obtain
> file test.p12
> file.p12: data
>
> 3. I could use the ent command which measure the entropy, high
> entropy is an indication of encryption (but jpg have also high
> entropy). However I should then study the distribution of each
> letter to be sure.
>
> So is there any other way to run find and some other script to find
> suspicious files? Google is not really helpful
>
> Regards
>
> Uwe Brauer
>
>
>
> --
> I strongly condemn Putin's war of aggression against the Ukraine.
> I support to deliver weapons to Ukraine's military.
> I support the ban of Russia from SWIFT.
> I support the EU membership of the Ukraine.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220804/4917b8a7/attachment.sig>
More information about the Gnupg-users
mailing list