add a detection of ransomware (encrypting disk) and action generator to isolate machine

Open lhubert opened this issue 7 years ago • 2 comments

Expected behavior and actual behavior.

Steps to reproduce the problem.

Specifications like the version of the project, operating system, or hardware.

Mar 17 '17 14:03 lhubert

could you please provide some detection strategies or some web links to help specifying the feature

Mar 20 '17 09:03 oalam

this URL gives some interesting hints for detecting ransomware (huge amount of file activity - renamings, etc.) https://www.netfort.com/blog/methods-for-detecting-ransomware-activity/

Mar 20 '17 11:03 lhubert

logisland logisland copied to clipboard

add a detection of ransomware (encrypting disk) and action generator to isolate machine

Expected behavior and actual behavior.

Steps to reproduce the problem.

Specifications like the version of the project, operating system, or hardware.

logisland
logisland copied to clipboard