Detection & Evasion

How does Elastio detect intermittent encryption?

Modern ransomware encrypts alternating 4KB blocks, so the entropy change stays below the statistical noise floor and file sizes are unchanged — entropy- and anomaly-based tools see nothing unusual and the backup completes flagged clean. Elastio’s Deep File Inspection validates the internal file structure and produces a deterministic pass or fail per file, per recovery point, regardless of entropy.

Last updated May 27, 2026

Related terms

Deep File Inspection

Related Elastio resources

BlogThe Accuracy Gap: Why Anomaly and Entropy Detection Fail

See how Elastio proves clean recovery

Elastio hunts for ransomware inside your live, replicated, and backup data and pinpoints the last recovery point proven clean.

Explore the platform Request a demo

Related questions

Can Elastio detect insider threats?What about attacks that use no ransomware binary, such as the Codefinger attack?What threats besides ransomware does Elastio find?Why is anomaly or entropy detection not enough?What results has Elastio seen across customers?How does ransomware bypass security?

PreviousCan Elastio detect zero-day or unknown ransomware?NextCan Elastio detect insider threats?