a bit off topic, how to find encrypted files (ransom attack)

Ángel angel at pgp.16bits.net
Tue Aug 9 22:23:21 CEST 2022

On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> Hi
> So is there any other way to run find and some other script to find
> suspicious files? Google is not really helpful.
> Regards
> Uwe Brauer

If you suffer a ransomware attack I would say your problem won't be
*noticing* that. If you didn't, that's a failure by the attackers. They
want you to notice (once they're finished), so that they get paid.
Most often, they will change the extension (.ransom, an email
address...) as well as include a ransom note in every directory.

Once you find what pattern they used, it's simple to find all other
files like that.
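
The search described above, as an added example that is not part of the original message: once the pattern is known, these functions list the renamed files, the directories holding a note, and what was left untouched. The extension `ransom` and the note name `README_RESTORE.txt` are hypothetical placeholders; `-iname` is a GNU/BSD find extension, and file names containing newlines are not handled.

```shell
#!/bin/sh
# Added example. EXT and NOTE are hypothetical; substitute the extension
# and note file name actually observed on the affected system.

# Every regular file whose name ends in ".EXT" (case-insensitive).
find_encrypted() {   # usage: find_encrypted ROOT EXT
    find "$1" -xdev -type f -iname "*.$2" | sort
}

# Every directory that contains a ransom note named NOTE.
find_note_dirs() {   # usage: find_note_dirs ROOT NOTE
    find "$1" -xdev -type f -name "$2" -exec dirname {} \; | sort -u
}

# Count of renamed files per directory, most affected first.
count_by_dir() {     # usage: count_by_dir ROOT EXT
    find_encrypted "$1" "$2" | while IFS= read -r f; do dirname "$f"; done |
        sort | uniq -c | sort -rn
}

# Files matching neither pattern: what the attack left untouched.
find_untouched() {   # usage: find_untouched ROOT EXT NOTE
    find "$1" -xdev -type f ! -iname "*.$2" ! -name "$3" | sort
}

# Constructed sample tree so the functions can be tried offline.
make_sample_tree() { # prints the path of a new temporary directory
    d=$(mktemp -d) || return 1
    mkdir -p "$d/docs/old" "$d/photos" "$d/bin"
    : > "$d/docs/report.odt.ransom"
    : > "$d/docs/old/notes.txt.RANSOM"
    : > "$d/docs/README_RESTORE.txt"
    : > "$d/docs/old/README_RESTORE.txt"
    : > "$d/photos/cat.jpg.ransom"
    : > "$d/photos/README_RESTORE.txt"
    : > "$d/bin/tool.sh"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    count_by_dir "$root" ransom
    find_note_dirs "$root" README_RESTORE.txt
    find_untouched "$root" ransom README_RESTORE.txt
    rm -rf "$root"
fi
```

Comparing the output of `find_note_dirs` with `count_by_dir` shows directories that received a note but have no renamed files, or the reverse.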


