// the find
root-acch/NotInfecktya
Anti-Ransomware Detection Tool
NotInfecktya is a Windows kernel-mode ransomware detection driver paired with a WPF GUI, aimed at blocking ransomware through honeypot files, extension blacklisting, entropy monitoring, and an automatic backup system. It's a student/hobbyist security project — the kind of thing you build to learn Windows kernel development, not something you'd deploy on a production machine.
The honeypot approach is sound in principle: placing decoy files with aa/zz prefixes exploits the fact that many ransomware strains encrypt alphabetically, giving you early warning before real files are touched. The multi-layered design — honeypots plus extension blacklist plus entropy comparison — means any one layer failing doesn't leave you blind. Doing the backup at kernel level with protected folder access is the right place to put it; userland backup solutions get encrypted too. The WPF GUI for driver start/stop and token management is a reasonable interface for something this low-level.
Requires disabling Windows driver signature enforcement (`bcdedit /set testsigning on`), which is a significant security regression — you're weakening your OS to install a security tool. No self-cleaning backup mechanism is admitted in the README, so the backup volume grows unboundedly until the user manually purges it. The entropy check threshold (two file changes in 10 seconds) will false-positive on any bulk file operation — a build system, a photo importer, or a database backup would trip it. The project hasn't been touched since September 2023, has 8 stars and zero forks, and ships compiled binaries in the repo alongside source — not something you'd trust near production data.