This doesn't seem to do much against encrypting malware though
Most data files and all executables have a fixed header, encryption will generally corrupt that so it should be possible to detect most cases of encryption on the fly.
Just look to see if the first few bytes of a file change, if so backup the original and then if there are a lot more similarly affected files stop the operation and ask the user if it was intentional.
The idea needs refinement but it should be possible to make it work pretty well.