Re: Detection better than cure?
How does one detect that a file is encrypted? It is just a sequence of 1's and 0's until an application decides how to process it. Detection online just moves the problem further down the stack. Take an xlsx file as an example. It is just a zip file holding a set of XML documents and other artifacts. What makes it valid? Valid to an online scanner? Is a valid zip file header enough? If so, you can expect the encrypted XML document to be added to a valid zip file. It is a seriously hard problem to solve. Regular test restores to clean VMs are the best we have at the minute.
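The xlsx case from the post above, as an added example that is not part of the original post: a scanner-side check that opens the zip container and then tests each XML member for well-formedness and byte entropy, showing that both samples pass the container check while only the member-level check separates them. The function names, the 7.0 bits-per-byte threshold and both sample files are assumptions constructed for illustration.

```python
import io
import math
import os
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_ooxml(blob: bytes, entropy_limit: float = 7.0) -> dict:
    """Return container validity plus the XML members that fail content checks."""
    result = {"zip_ok": False, "suspect_members": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return result
    with zf:
        result["zip_ok"] = zf.testzip() is None  # CRCs match: container is valid
        for name in zf.namelist():
            if not name.endswith((".xml", ".rels")):
                continue  # binary parts (images etc.) are legitimately high-entropy
            body = zf.read(name)
            try:
                ET.fromstring(body)
                parses = True
            except ET.ParseError:
                parses = False
            if not parses or shannon_entropy(body) > entropy_limit:
                result["suspect_members"].append(name)
    return result

def make_sample(sheet_body: bytes) -> bytes:
    """Constructed sample: a minimal xlsx-like zip with one worksheet member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/worksheets/sheet1.xml", sheet_body)
    return buf.getvalue()

CLEAN = make_sample(b"<worksheet><sheetData><row r='1'/></sheetData></worksheet>")
# Constructed input: os.urandom stands in for ciphertext inside a valid zip.
TAMPERED = make_sample(os.urandom(4096))

if __name__ == "__main__":
    print(inspect_ooxml(CLEAN), inspect_ooxml(TAMPERED))
```

Both samples report `zip_ok: True`; only the second lists `xl/worksheets/sheet1.xml` as suspect. The check sits one layer below the container header and says nothing about members that still parse as XML.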