search

prestoncooper / RansomwareDetectionService

This program detects all present and future ransomware in Windows file shares or local drives for Windows file servers. I created this windows service to aide system administrators not average users.
Other
14 stars 11 forks source link

Does it work in realtime? #4

Open vishalv26 opened 3 years ago

vishalv26 commented 3 years ago

Hi,

Does it work in Realtime?

I mean my ideal methodology would be like if the number of modified files in last hour is more than 1000 then it runs the shutdown command?.

Can this be achieved with this?

Expecting a positive response.

RoshniDodhi commented 3 years ago

Hey, are you working on this project currently ? Did the email feature work for you ? Hoping for a positive response.

prestoncooper commented 3 years ago

Read the documentation. This service uses the honey pot method to detect when a ransomware hits a network file share. This method makes it possible to monitor multiple servers and multiple file shares with minimal impact on performance. There are vendors that sell EDR security software that can monitor modified files. My software also helps with determining which files were modified after an attack and help you recover your file shares if you have backups to compare to. Sometimes ransomware will only target specific file extensions and you need to compare your backup vs the compromised data.