This is an experimental and incomplete program for detecting if any ransomware is attacking your files. Currently is in alpha stage.
Ransomwares are malicious program which will try to encrypt all your files in background, and ask you for money in order to decrypt.
- This program will start track the "honey pot" files named and located with file extention and path which will likely to be encrypted by ransomwares.
- Once the file is opened by other program (i.e. file lock is created), this program will immediately kills those process as those should consider ransomwares.
You may give it a try, but currently there is no guarantee that it can be 100% accurate.
Currently, detection speed is not fast enough and it may miss some of the fast file I/O events between detetion cycles, large files may have longer lock time as they needed more time to encrypt. Also someone told me that ransomwares likely to choose the large file to be encrypt first, therefore large "honey pot" files may be more accurate :)
- https://blogs.msdn.microsoft.com/oldnewthing/20120217-00/?p=8283
- https://stackoverflow.com/questions/317071/how-do-i-find-out-which-process-is-locking-a-file-using-net
Yes, go on fork one and modify it!