Nicholai
Posted March 7, 2017

Hello,

I'm currently working on a piece of software that notifies you in case your system is currently under attack by ransomware. But I'm a little stuck right now, and I'm wondering if anyone could give an idea?

I'm aware that signature scanning and so on could be useful at some points, but I can't wrap my head around how I would see somewhat exactly if a ransomware is encrypting the files, other than looking at signs of it, which could trigger an endless amount of false positives, unless done really, really specifically.

I have attached a log, made on a test environment where I have executed a random ransomware that was found hidden in a client's email system. (Just a Globe3 - thanks to Emsisoft for providing the decrypting tool.)

If anyone could give an idea or two, it would really help me out! Thank you for your time.

Filelog.txt

Elise
Posted March 7, 2017

Hello,

While I understand the endeavor, unfortunately developing something like that without false-positives is not a minor project. We include this in our Behavior Blocking technology at Emsisoft and it takes continuous work to ensure it blocks all ransomware but does allow legitimate programs as well.

Nicholai
Posted March 7, 2017

4 minutes ago, Elise said:

> Hello, While I understand the endeavor, unfortunately developing something like that without false-positives is not a minor project. We include this in our Behavior Blocking technology at Emsisoft and it takes continuous work to ensure it blocks all ransomware but does allow legitimate programs as well.

I see. I just call it minor since it won't be released or advertised; it's just for personal use on our servers here.

Elise
Posted March 7, 2017

Depending on what you use the servers for and how important any data is, I strongly recommend you invest in a reliable backup system and security software instead. It might also be a good idea to ensure you use strong RDP passwords to avoid server hacks (no matter what security you have in place, if the server is hacked via RDP, an attacker can bypass anything).