a bit off topic, how to find encrytped files (ransom attack)
Jan Eden
tech at eden.one
Wed Aug 10 16:25:49 CEST 2022
On 2022-08-09 22:23, Ángel wrote:
> On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> >
> > Hi
> >
> > So is there any other way to run find and some other script to find
> > suspicious files? Google is not really helpful
> >
> > Regards
> >
> > Uwe Brauer
>
> If you suffer a ransomware attack I would say your problem won't be
> *noticing* that. If you didn't, that's a failure by the attackers. They
> want you to notice (once they're finished), so that they get paid.
> Most often, they will change the extension (.ransom, an email
> address...) as well as include a ransom note on every directory.
>
> Once you find what pattern they used, it's simple to find all other
> files like that.
I check for certain filename patterns and/or modified files (comparing
to pre-created hashes) before initiating a backup.
Best regards,
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220810/547c8880/attachment.sig>
More information about the Gnupg-users
mailing list