Nicholai

Development of minor project


Hello,

I'm currently working on a piece of software that notifies you, in case your system is currently under attack by ransomware. But I'm a little stuck right now, and I'm wondering if anyone could give an idea?

I'm aware that signature scanning and so on could be useful at some points, but I can't wrap my head around how I would see somewhat exactly if a ransomware is encrypting the files, other than looking at signs of it, which could trigger an endless amount of false positives, unless done really, really specifically. I have attached a log, made on a test environment where I have executed a random ransomware that was found hidden in a client's email system (just a Globe3 - thanks to Emsisoft for providing the decrypting tool).

If anyone could give an idea or two, it would really help me out!

Thank you for your time.

 

Filelog.txt


Hello,

While I understand the endeavor, unfortunately developing something like that without false-positives is not a minor project. :) We include this in our Behavior Blocking technology at Emsisoft and it takes continuous work to ensure it blocks all ransomware but does allow legitimate programs as well.

4 minutes ago, Elise said:

Hello,

While I understand the endeavor, unfortunately developing something like that without false-positives is not a minor project. :) We include this in our Behavior Blocking technology at Emsisoft and it takes continuous work to ensure it blocks all ransomware but does allow legitimate programs as well.

I see. I just call it minor since it won't be released or advertised; it's just for personal use on our servers here :)


Depending on what you use the servers for and how important any data is, I strongly recommend that you invest in a reliable backup system and security software instead. It might also be a good idea to ensure you use strong RDP passwords to avoid server hacks (no matter what security you have in place, if the server is hacked via RDP, an attacker can bypass anything).

  • Upvote 1
