|
|
|
|
|
|
by KMag
1217 days ago
|
|
|
This is good. Some antivirus programs run this check, but some ransomware adapted by encrypting 16-byte AES blocks every so often in the file, so that the file becomes useless without entropy increasing too much. Also, JPEG, PNG, .jar, .xlsx, etc. are already compressed, so pretty high entropy to begin with. As others have pointed out, the growth rate of your de-duplicated backup size is probably the best way to detect ransomware. |
|
|