finds.dev← search

// the find

root-acch/NotInfecktya

★ 8 · C · Apache-2.0 · updated Sep 2023

Anti-Ransomware Detection Tool

NotInfecktya is a Windows kernel-mode ransomware detection driver paired with a WPF GUI, aimed at blocking ransomware through honeypot files, extension blacklisting, entropy monitoring, and an automatic backup system. It's a student/hobbyist security project — the kind of thing you build to learn Windows kernel development, not something you'd deploy on a production machine.

The honeypot approach is sound in principle: placing decoy files with aa/zz prefixes exploits the fact that many ransomware strains encrypt alphabetically, giving you early warning before real files are touched. The multi-layered design — honeypots plus extension blacklist plus entropy comparison — means any one layer failing doesn't leave you blind. Doing the backup at kernel level with protected folder access is the right place to put it; userland backup solutions get encrypted too. The WPF GUI for driver start/stop and token management is a reasonable interface for something this low-level.

Requires disabling Windows driver signature enforcement (`bcdedit /set testsigning on`), which is a significant security regression — you're weakening your OS to install a security tool. No self-cleaning backup mechanism is admitted in the README, so the backup volume grows unboundedly until the user manually purges it. The entropy check threshold (two file changes in 10 seconds) will false-positive on any bulk file operation — a build system, a photo importer, or a database backup would trip it. The project hasn't been touched since September 2023, has 8 stars and zero forks, and ships compiled binaries in the repo alongside source — not something you'd trust near production data.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →