runt1me / stormcloud

the best backup system

Data Analytics for "has a ransomware detonated" #11

Open runt1me opened 1 year ago

runt1me commented 1 year ago

I will start out by saying that this might be a completely dumb idea, because it may be incredibly obvious when ransomware has executed on a device. Frankly, I need to put more time into researching how different RW variants work to see whether they try to be sneaky or whether detection is always easy.

Nonetheless, we could perhaps look at holistic analytics across a device (or network, for that matter):

- files that don't normally update are updating
- lots of files changing in a very short period of time
- file sizes or extensions changing in a predictable manner

Estimated story points: ??
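The three heuristics listed in the comment above, run over a constructed stream of file-change events. This is an added example for discussion and is not stormcloud code; the `FileChange` record shape, the sample events, and every threshold (60 s burst window, 30-day dormancy, 20-file burst, 0.5 and 0.8 shares) are assumptions chosen to illustrate the idea.

```python
"""Heuristics for 'has ransomware detonated' over a stream of file-change events.

Added example, not stormcloud code. The event record shape and all thresholds
are assumptions for illustration.
"""
from __future__ import annotations

import os
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileChange:
    path: str                     # path before the change
    ts: float                     # time of this change (epoch seconds)
    prev_mtime: float             # the file's modification time before this change
    old_size: int
    new_size: int
    new_path: Optional[str] = None  # set when the change was a rename


def ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def burst_score(events: list[FileChange], window_s: float = 60.0) -> int:
    """Heuristic 2: largest number of changes inside any sliding window of window_s seconds."""
    times = sorted(e.ts for e in events)
    best, j = 0, 0
    for i, t in enumerate(times):
        while times[j] < t - window_s:   # slide the window's left edge forward
            j += 1
        best = max(best, i - j + 1)
    return best


def dormant_fraction(events: list[FileChange], dormant_s: float = 30 * 86400) -> float:
    """Heuristic 1: share of changed files that had not been touched for dormant_s seconds."""
    if not events:
        return 0.0
    dormant = sum(1 for e in events if e.ts - e.prev_mtime > dormant_s)
    return dormant / len(events)


def extension_convergence(events: list[FileChange]) -> tuple[Optional[str], float]:
    """Heuristic 3a: the most common *new* extension among renames, and its share of all events."""
    renamed = [e for e in events if e.new_path and ext(e.new_path) != ext(e.path)]
    if not renamed:
        return None, 0.0
    top, count = Counter(ext(e.new_path) for e in renamed).most_common(1)[0]
    return top, count / len(events)


def size_delta_regularity(events: list[FileChange]) -> float:
    """Heuristic 3b: share of events whose size change equals the single most common delta."""
    if not events:
        return 0.0
    _, count = Counter(e.new_size - e.old_size for e in events).most_common(1)[0]
    return count / len(events)


def assess(events: list[FileChange]) -> dict:
    """Combine the heuristics; two or more flags raised gives a 'ransomware_suspected' verdict."""
    top_ext, ext_share = extension_convergence(events)
    metrics = {
        "burst": burst_score(events),
        "dormant_fraction": dormant_fraction(events),
        "dominant_new_ext": top_ext,
        "ext_share": ext_share,
        "size_delta_regularity": size_delta_regularity(events),
    }
    flags = []
    if metrics["burst"] >= 20:                   # assumed threshold
        flags.append("mass_modification_burst")
    if metrics["dormant_fraction"] >= 0.5:       # assumed threshold
        flags.append("dormant_files_changing")
    if metrics["ext_share"] >= 0.5:              # assumed threshold
        flags.append("extension_convergence")
    if metrics["size_delta_regularity"] >= 0.8:  # assumed threshold
        flags.append("regular_size_delta")
    metrics["flags"] = flags
    metrics["verdict"] = "ransomware_suspected" if len(flags) >= 2 else "normal"
    return metrics


def normal_events() -> list[FileChange]:
    """Constructed sample: six ordinary edits spread over an hour, varied sizes, no renames."""
    paths = ["docs/report.docx", "src/main.py", "notes.txt", "budget.xlsx", "src/util.py", "todo.md"]
    deltas = [12, -40, 5, 300, -7, 60]
    return [FileChange(p, 1000 + 600 * i, 1000 + 600 * i - 3600, 1000 + 100 * i, 1000 + 100 * i + d)
            for i, (p, d) in enumerate(zip(paths, deltas))]


def detonation_events() -> list[FileChange]:
    """Constructed sample: 40 year-old documents rewritten and renamed to .locked within 8 seconds."""
    return [FileChange(f"share/doc{i}.docx", 5000 + 0.2 * i, 5000 + 0.2 * i - 400 * 86400,
                       2000 + 37 * i, 2000 + 37 * i + 48, f"share/doc{i}.docx.locked")
            for i in range(40)]


if __name__ == "__main__":
    print(assess(normal_events()))
    print(assess(detonation_events()))
```

Each heuristic is kept as a separate function so a backup agent could emit them as independent metrics and tune the thresholds per device; the verdict is only a starting point for the "how sneaky are RW variants" research mentioned above, since a slow-acting sample that encrypts a few files per hour would score low on the burst check.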

runt1me commented 1 year ago

I recently learned that malware samples can be found at vx-underground (https://www.vx-underground.org/malware.html). This could be a good place to find ransomware samples for our testing. Obviously, do not touch anything if you do not know what you are doing, so that you don't accidentally RW yourself.

@EccentricKnight thoughts on this?