a bit off topic, how to find encrytped files (ransom attack)

Jan Eden tech at eden.one
Wed Aug 10 16:25:49 CEST 2022

On 2022-08-09 22:23, Ángel wrote:
> On 2022-08-04 at 18:58 +0200, Uwe Brauer wrote:
> > 
> > Hi 
> > 
> > So is there any other way to run find and some other script to find
> > suspicious  files? Google is not really helpful
> > 
> > Regards
> > 
> > Uwe Brauer 
> If you suffer a ransomware attack I would say your problem won't be
> *noticing* that. If you didn't, that's a failure by the attackers. They
> want you to notice (once they're finished), so that they get paid.
> Most often, they will change the extension (.ransom, an email
> address...) as well as include a ransom note on every directory.
> Once you find what pattern they used, it's simple to find all other
> files like that.

I check for certain filename patterns and/or modified files (comparing
to pre-created hashes) before initiating a backup.

Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220810/547c8880/attachment.sig>

More information about the Gnupg-users mailing list