Ransomware has been an ongoing issue since the early 1990s. In recent times ransomware has spread from traditional computational resources to cyber-physical systems and industrial controls. We devised a series of experiments in which virtual instances are infected with ransomware. We instrumented the instances then collected resource utilization data across a variety of metrics (CPU, Memory, Disk Utility. fan speed, etc.). We design a change point detection and learning method for identifying ransomware execution. Finally, we evaluate and demonstrate its ability to detect ransomware efficiently in a rapid manner when trained on a minimal set of samples to try to preserve data. Our results represent a step forward for defense, and we conclude with further remarks for a critical path forward.