Reply to post:

'R2D2' stops disk-wipe malware before it executes evil commands

DJO Silver badge

This doesn't seem to do much against encrypting malware though

Most data files and all executables have a fixed header; encryption will generally corrupt that, so it should be possible to detect most cases of encryption on the fly.

Just look to see if the first few bytes of a file change; if so, back up the original, and then if there are a lot more similarly affected files, stop the operation and ask the user if it was intentional.

The idea needs refinement but it should be possible to make it work pretty well.
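The heuristic DJO sketches, as an added example that is not part of the original comment or of anything The Register or the R2D2 authors published: a small Python monitor that records each file's magic bytes, lets writes through while the header still matches its format, and, when a write would destroy the header, backs up the original and counts it; once the count reaches a threshold it stops the operation unless a "was this intentional?" callback says yes. The signature table, the `ALERT_THRESHOLD` value of 3, the `confirm` callback and the XOR stand-in for encryption are all constructed for this example. The simulation goes slightly beyond the comment by also feeding the monitor one legitimate edit (body changed, header kept) to show that it is not flagged.

```python
"""Header-change heuristic against bulk file encryption (added example)."""
import os
import shutil
import tempfile
from typing import Callable, Dict, List, Optional

# Magic bytes for a few common formats. Constructed subset for this example;
# a real monitor would carry a full signature table.
KNOWN_MAGIC: Dict[str, bytes] = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "elf": b"\x7fELF",
    "pe": b"MZ",
}
HEADER_LEN = 8       # bytes compared on every write
ALERT_THRESHOLD = 3  # hypothetical tuning value: corrupted headers before halting


def sniff(header: bytes) -> Optional[str]:
    """Return the format whose magic prefix matches, or None."""
    for name, magic in KNOWN_MAGIC.items():
        if header.startswith(magic):
            return name
    return None


class HeaderMonitor:
    """Remembers each file's detected format and vets rewrites of its header."""

    def __init__(self, backup_dir: str, confirm: Callable[[List[str]], bool]):
        self.backup_dir = backup_dir
        self.confirm = confirm            # stands in for "ask the user"
        self.baseline: Dict[str, str] = {}
        self.flagged: List[str] = []
        self.halted = False

    def register(self, path: str) -> None:
        with open(path, "rb") as fh:
            fmt = sniff(fh.read(HEADER_LEN))
        if fmt is not None:
            self.baseline[path] = fmt

    def allow_write(self, path: str, new_content: bytes) -> bool:
        """Unknown formats and header-preserving writes pass. A write that
        destroys the magic backs up the original and counts toward the
        threshold; at the threshold the operation halts unless confirmed."""
        if self.halted:
            return False
        fmt = self.baseline.get(path)
        if fmt is None or sniff(new_content[:HEADER_LEN]) == fmt:
            return True
        shutil.copy2(path, os.path.join(self.backup_dir, os.path.basename(path)))
        self.flagged.append(path)
        if len(self.flagged) >= ALERT_THRESHOLD:
            if self.confirm(list(self.flagged)):
                self.flagged.clear()      # intentional: reset and carry on
                return True
            self.halted = True
            return False
        return True


def simulate(confirm: Callable[[List[str]], bool] = lambda flagged: False) -> Dict[str, int]:
    """Constructed scenario: typed files, one legitimate edit, then an
    encrypt-in-place loop that the monitor should stop at the threshold."""
    root = tempfile.mkdtemp()
    backups = os.path.join(root, "backups")
    os.mkdir(backups)
    files = []
    for i, (fmt, magic) in enumerate(KNOWN_MAGIC.items()):
        path = os.path.join(root, f"sample{i}.{fmt}")
        with open(path, "wb") as fh:
            fh.write(magic + b"\x00" * 32)
        files.append(path)
    monitor = HeaderMonitor(backups, confirm)
    for path in files:
        monitor.register(path)

    # Legitimate edit: the PDF body changes but its magic stays intact.
    legit_allowed = monitor.allow_write(files[0], KNOWN_MAGIC["pdf"] + b"edited body")

    # Stand-in for bulk encryption: XOR every byte, which destroys each header.
    encrypted = 0
    for path in files:
        with open(path, "rb") as fh:
            ciphertext = bytes(b ^ 0x5A for b in fh.read())
        if not monitor.allow_write(path, ciphertext):
            break
        with open(path, "wb") as fh:
            fh.write(ciphertext)
        encrypted += 1

    result = {
        "legit_allowed": int(legit_allowed),
        "encrypted": encrypted,
        "flagged": len(monitor.flagged),
        "backups": len(os.listdir(backups)),
        "halted": int(monitor.halted),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(simulate())  # {'legit_allowed': 1, 'encrypted': 2, 'flagged': 3, 'backups': 3, 'halted': 1}
```

With the default callback (user says "no"), two files are overwritten before the third corrupted header trips the threshold, and all three originals are in the backup folder; the legitimate PDF edit passes untouched. The weak spot the comment itself points at is the threshold: set it too low and normal batch conversions stop to ask, set it too high and more files are lost before the prompt, which is why the originals are copied before the first write rather than only at the alert.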


Biting the hand that feeds IT © 1998–2019