/AntiRansom

Fighting against ransomware using honeypots

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

AntiRansom

Fighting against ransomware using honeypots

See the project's page http://www.security-projects.com/?Anti_Ransom

CHANGES IN V5

1- Use handle from Sysinternals to track access/modify the honeyfolder (better accuracy)

2- When new process access the honeyfolder, AntiRansom checks the authenticode signature of the process, if its OK, then alert, if not, stop the process and alert

3- Added a new parameter "enforced" to enforce blocking without user intervention, useful for large deploy (AntiRansom blocks the threat and log into Eventlog)