AntiRansom - Fighting against Ransomware using Honeypots

Friday, July 8, 2016


AntiRansom is a tool capable of detect and stop attacks of Ransomware using honeypots.

First, Anti Ransom creates a random decoy folder with many useless random documents (Excel, PDF) and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify wich process is the responsible of such change and then stops it and dump the memory process (hopefully the key or password that is being used by the ransomware is inside)


Video

Installation

If you have direct connection to Internet:
execute setup.exe


Choose 'Install'
If you don't have direct connection to Internet:
First, download procdump from sysinternals and copy the zip file to the AntiRansom folder
And execute 'setup.exe'

To uninstall Anti Ransom, you MUST save the folder contents because uninstall instructions are inside it. So, AntiRansom will go unnoticed without using native install facilities from Windows. To uninstall Anti Ransom, use setup.exe and then press Uninstall.




Subscribe via e-mail for updates!