No, it works purely on deletions. There's no functionality to assess 'how many copies' as a possible alarm (how many is 'unusual' anyway? Plus the malware might well only encrypt some file-types and leave others clean, screwing up your estimates).
Bear in mind the malware may not change the LastMod and Size of the files (?) it targets, so it might only trigger copying encrypted originals over clear copies if you have hash comparison set (which certainly would detect/constitute 'a difference'), but no guarantee. Just encrypting a file might change the size, for example.
Note also that there's no guarantee a particular malware strain won't crawl up the pipe and encrypt the backups too, if it can reach them (though FTP backup or Cloud in Pro might solve that part)
Bear in mind the malware may not change the LastMod and Size of the files (?) it targets, so it might only trigger copying encrypted originals over clear copies if you have hash comparison set (which certainly would detect/constitute 'a difference'), but no guarantee. Just encrypting a file might change the size, for example.
Note also that there's no guarantee a particular malware strain won't crawl up the pipe and encrypt the backups too, if it can reach them (though FTP backup or Cloud in Pro might solve that part)