There is a simple way to detect ransom/crypto ware that would be hard to defeat. Just have your data drives read by a another operating system that is independent of the one you usually use. Your "foreign" system should fail to successfully read ransomware encrypted files, telling you that your working operating system has been infected. This can be as easy as having Linux read Windows files or vice versa. The anti-malware/anti-virus people could also implement something that effectively does the same, although it would be a bit more difficult to do that within your usually operating system. Simply having a guaranteed uncontaminated machine running your usual operating system reading the working systems data disks might possibly do. The bad guys would have a problem trying to hide from a file reading process that is independent of the system they have contaminated.
The Register 
Biting the hand that feeds IT
About Us
Our Websites
Copyright. All rights reserved © 1998–2024
