This project builds an anti-ransomware app that can protect the important files of any OS.

NEW UPDATE: the detector for the Windows version is in progress; it works on all Windows systems, desktop or server.

Phase 1 Project:
- build a simple detector based on a blacklist and a whitelist of processes, which the detector Go script uses as its filter

Update Progress: Phase 1 Project completed

how to use (protector):
- copy all files into any path you want
- requirement: golang-go, minimum version 1.16.x
- make sure Go is working; check with: go version
- inside the project path: change the e-mail address and e-mail subject as you want, and change the "/etc" path to any other important system path if needed
- save the file, then clean whitelist.json and blacklist.json by replacing their contents with an empty JSON array: []
- go mod init "app_name"
- go mod tidy
- first run: go run detectup.go
- open a second SSH console and run: cd /etc && touch test.txt && mv test.txt test2.txt
- stop go run detectup.go (CTRL + C)
- edit blacklist.json and clean it up again with []
- edit whitelist.json: add or edit the processes that you consider eligible or safe for the server
- go build
- to run it as a background process: nohup ./"app_name"
- close the SSH session
- done - the protector will always detect any change, especially mv or other changes in /etc or any core file system
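
The whitelist/blacklist filtering described for phase 1, as an added Go example that is not the project's detectup.go. It assumes whitelist.json and blacklist.json each hold a JSON array of process names (the page only shows the empty form []); ParseList, Classify and Conflicts are hypothetical names, and comparing by executable name with the blacklist taking precedence are choices of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"sort"
)

// ParseList decodes a list file; assumed schema: JSON array of process names.
func ParseList(raw []byte) (map[string]bool, error) {
	var names []string
	if err := json.Unmarshal(raw, &names); err != nil {
		return nil, fmt.Errorf("want a JSON array of strings: %w", err)
	}
	set := make(map[string]bool, len(names))
	for _, n := range names {
		set[filepath.Base(n)] = true // compare by executable name only
	}
	return set, nil
}

// Classify checks the blacklist first, so a name in both lists is killed.
func Classify(exe string, white, black map[string]bool) string {
	switch name := filepath.Base(exe); {
	case black[name]:
		return "kill"
	case white[name]:
		return "allow"
	}
	return "unknown" // in neither list; true of every process while both files are []
}

// Conflicts returns names present in both lists, to fix before "go build".
func Conflicts(white, black map[string]bool) (both []string) {
	for n := range white {
		if black[n] {
			both = append(both, n)
		}
	}
	sort.Strings(both)
	return both
}

func main() { // constructed sample lists, not the project's real ones
	white, _ := ParseList([]byte(`["sshd", "/usr/bin/apt"]`))
	black, _ := ParseList([]byte(`["v1", "apt"]`))
	fmt.Println(Classify("/tmp/v1", white, black), Conflicts(white, black))
}
```

Running Conflicts over the edited files before go build catches a process that was left in blacklist.json and also added to whitelist.json.
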
how to simulate ransomware (maskingfile):
- copy maskingfile.go to a different path
- go mod init v1 (or another app name)
- go mod tidy
- go build
- touch /etc/test123.txt
- run v1 (or your app name)
- this process should be killed by detectup if detectup is already running

Phase 2 Project:
- create an API for pooling all protector services in all servers
- create a UI in php/html for monitoring protector status
- fix update: detection.json for event monitoring

Phase 3 Project:
- use Machine Learning to analyze processes that could be hazardous for systems
- create AI to memorize events and prevent infectious programs