a bit off topic, how to find encrytped files (ransom attack)

Jan Eden tech at eden.one
Thu Aug 4 20:20:42 CEST 2022


I just check for a list of ransomware filename patterns (e.g.

Best regards,

On 2022-08-04 18:58, Uwe Brauer via Gnupg-users wrote:
> Hi 
> I apologize for this message that can be a bit off topic.
> (I am on Ubuntu 16.04)
> How can I find say encrypted files in my home directory? The idea is to
> use some magic command together with the find command.
> I know
>     1. The file command will return for example for a gpg encrypted file
>        file .authinfo.gpg
>        .authinfo.gpg: PGP RSA encrypted
>     2. However for X509 file I obtain 
>        file test.p12
>        file.p12: data
>     3. I could use the ent command which measure the entropy, high
>        entropy is an indication of encryption (but jpg have also high
>        entropy). However I should then study the distribution of each
>        letter to be sure.
> So is there any other way to run find and some other script to find
> suspicious  files? Google is not really helpful
> Regards
> Uwe Brauer 
> -- 
> I strongly condemn Putin's war of aggression against the Ukraine.
> I support to deliver weapons to Ukraine's military. 
> I support the ban of Russia from SWIFT.
> I support the EU membership of the Ukraine. 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220804/4917b8a7/attachment.sig>

More information about the Gnupg-users mailing list