a bit off topic, how to find encrytped files (ransom attack)
tech at eden.one
Wed Aug 10 16:25:49 CEST 2022
On 2022-08-09 22:23, Ángel wrote:
> On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> > Hi
> > So is there any other way to run find and some other script to find
> > suspicious files? Google is not really helpful
> > Regards
> > Uwe Brauer
> If you suffer a ransomware attack I would say your problem won't be
> *noticing* that. If you didn't, that's a failure by the attackers. They
> want you to notice (once they're finished), so that they get paid.
> Most often, they will change the extension (.ransom, an email
> address...) as well as include a ransom note on every directory.
> Once you find what pattern they used, it's simple to find all other
> files like that.
I check for certain filename patterns and/or modified files (comparing
to pre-created hashes) before initiating a backup.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: not available
More information about the Gnupg-users