logisland
add a detection of ransomware (encrypting disk) and action generator to isolate machine
Expected behavior and actual behavior.
Steps to reproduce the problem.
Specifications like the version of the project, operating system, or hardware.
Could you please provide some detection strategies or some web links to help specify the feature?
This URL gives some interesting hints for detecting ransomware (huge amount of file activity - renamings, etc.): https://www.netfort.com/blog/methods-for-detecting-ransomware-activity/
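
A sketch of the rename-burst heuristic mentioned in the comment above, paired with the isolate action the issue asks for. This is an added example, not part of the thread and not logisland code; the event layout, host names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


def make_sample_events():
    """Constructed file-activity events: (epoch_seconds, host, operation, path)."""
    events = []
    # ws-017: 120 renames in 40 seconds, the burst pattern of mass encryption.
    for i in range(120):
        events.append((1000 + i // 3, "ws-017", "rename", f"/share/finance/doc{i}.docx"))
    # ws-022: ordinary use, a few renames spread over ten minutes plus a read.
    for i in range(6):
        events.append((1000 + i * 100, "ws-022", "rename", f"/share/hr/note{i}.txt"))
    events.append((1005, "ws-022", "read", "/share/hr/policy.pdf"))
    return sorted(events)


def detect_rename_bursts(events, window_s=60, threshold=100):
    """Return one isolate action per host whose rename count inside a
    sliding window of window_s seconds reaches threshold.

    Events must be ordered by timestamp. Both limits are assumed values
    and need tuning against a baseline of normal file-server activity.
    """
    recent = defaultdict(deque)  # host -> timestamps of renames still in the window
    flagged = {}
    for ts, host, op, _path in events:
        if op != "rename" or host in flagged:
            continue
        window = recent[host]
        window.append(ts)
        # Evict renames that have aged out of the window.
        while window and ts - window[0] >= window_s:
            window.popleft()
        if len(window) >= threshold:
            flagged[host] = {
                "action": "isolate",
                "host": host,
                "window_start": window[0],
                "triggered_at": ts,
                "renames_in_window": len(window),
            }
    return list(flagged.values())


if __name__ == "__main__":
    for action in detect_rename_bursts(make_sample_events()):
        print(action)
```

Bulk renames by backup or sync tools produce the same pattern, so an allow-list of known service accounts or hosts is a likely companion to the threshold.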