Abstract: Method and device for detecting encryption, in particular for anti-ransomeware software. The invention relates to a device for detecting encryption, comprising a computer (1) with a central processing unit (4) and a memory, which comprises a random-access memory (9) and a mass memory unit (6) comprising files. The central processing unit (4) cooperates with the random-access memory (9) and with an operating system (10) which comprises a core (12) and which is capable of having processes (18) carried out by the central processing unit (4); said processes (18) are divided into wires (20) and may comprise functions for accessing the files. A statistical model for ordinary writing to the header of a file is stored in the memory (6, 9).