Ransomware is software that uses encryption to disable access to data until a ransom is paid and such attacks have increased steeply in recent times. The best current practice to minimize the impact of ransomware attacks include periodic backups and airgapped immutable copies. However, undetected attacks can corrupt data before backups, making backups unusable. Detecting ransomware attacks quickly and flagging the damaged content enables fast recovery and business continuity. We present some features of our ransomware attack detection algorithms prototyped and run on a sandboxed but realistic environment that successfully detected the live ransomware attacks from open source repositories.