CryptoBlocker

Closed Posted 7 years ago Paid on delivery
Closed Paid on delivery

CryptoBlocker

CryptoBlocker File Server Monitor would be an application you install/run on a windows file server that monitors for activity from a cryptolocker infection on the wider network. If detected it cuts off access to the file server via various methods.

The application is installed on a Windows File server and must be efficient and not consume much processing resources on the file server.

The application monitors for common signs of cryptolocker infections on the network that encrypt files on shared drives. Cryptolocker will encrypt files on an infected PC, and also attack shared drives (on a file server), it does this alphabetically through the folder structure from A-Z. Encrypting shared files on a file server can be damaging if you don’t have backups and a time waste even if you do. This program will cut off all access to shared files to protect them from damage, a system admin will need to find the affected pc and deal with its infection before re-enabling the shared files and access to the file server.

App Setup

- Install Monitoring service

- Open config GUI

- add various 'bait folders' at the top (alphabetically eg. folder name aaaaa or !!!!! ) of the drive structure on shared folders.

- add 'bait files' to the 'bait folders' with random names and common file extensions (eg. .docx .jpg etc)

The application Monitoring...

- monitor these bait files for signs of tampering. Any file extensions changes, size changes, last edited time.

- Option : monitor X number of real files in the drive for changes. If Y% of files have changes in Z minutes the trigger tampering actions.

The application Actions if tampering is detected (All Optional in GUI)

- email alert with server/drive and possibly 'Username of Tamperer'

- disable NIC

- Shutdown server

- Un-Share drives

- Run External program (a configurable file path to a eg. .bat file)

After Actions

- Re-share drives

- Enable NIC

- View Log Files.

- Remove Bait Files

Programming Software Architecture Windows Server

Project ID: #10748638

About the project

5 proposals Remote project Active 7 years ago

5 freelancers are bidding on average $566 for this job

mike199

My name is Mike and I’m from UK. I work with individual clients and also provide outsourcing services for a number of UK and USA based agencies. Your project description sounds interesting to me and I do have skills & More

$555 AUD in 10 days
(2 Reviews)
4.3
dreamITbd

hi this can be possible only with attention on specific activity list / complete features list. i can guaranty its completion only if you provide my queries throughout a good working environment/ communication process More

$600 AUD in 18 days
(10 Reviews)
0.0
KareemKnight

I can implement a solution without having to install/create software. My solution will involve GPOs and builtin File Server Management for the server. I have successfully done this on the network that I manage.

$555 AUD in 10 days
(0 Reviews)
0.0