Hi Loganaden,
One method you might also be interested in, which I found years back, is
to set some kernel inotify watch on a directory which lead to the
directory where you have the files you wish to protect from the
ransomware. As soon as you see a directory traversal being done on the
directory you're "watching", you deference the directory structure in it
from the disk making everything in it go "invisible" and right afterward
you reference everything back. As such, when the ransomware pulls up a
listing of files it needs to encrypt, it will surely end up being caught
by your "watcher" and all files "protected" by your "watcher" will be
invisible to it.
I did not investigate too much as to implement my own solution but I
thought it might be helpful. It still has some obvious grey spots but is
interesting to consider in my honest opinion :)
Regards, Mike
--
http://www.fastmail.com - A fast, anti-spam email service.
Received on Mon Feb 15 2016 - 00:24:47 PST