I'm currently working on a piece of software that notifies you in case your system is currently under attack by ransomware. But I'm a little stuck right now, and I'm wondering if anyone could give me an idea.
I'm aware that signature scanning and so on could be useful at some points, but I can't wrap my head around how I would see, somewhat exactly, if a ransomware is encrypting the files, other than looking at signs of it, which could trigger an endless amount of false positives unless done really, really specifically. I have attached a log, made on a test environment where I have executed a random ransomware that was found hidden in a client's email system (just a Globe3; thanks to Emsisoft for providing the decrypting tool).
If anyone could give an idea or two, it would really help me out!
Thank you for your time.