How I created honey files with Go for ransomware activity detection and prevention

Faik Sevim
Aug 12, 2022

In this blog post, I will share my experience making honey files with Go to detect ransomware activity.

What are honey files?

Honey files work on honeypot logic. My program creates random files and watches these files.

How does the program work?

I drew a basic diagram of how the program works.

Basic diagram

This program creates random text files recursively in the current directory and watches them. When a honey file is edited, it kills the process that is editing the file and logs the process ID at the same time. I know this is not the most effective way against ransomware. Ransomware encrypts files very fast. If we catch the encrypting process, we can theoretically stop it. This is my motivation for creating this project.

How to create a file?

I created the randomly named files with these two functions, located in contractor.go.

contractor.go

How to monitor a file?

I am watching the files with these two functions, located in watcher.go.

Watcher.go
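
The create and watch steps from the two sections above, as an added example; it is not the code from contractor.go or watcher.go, which this page does not show. It assumes polling with a SHA-256 baseline in place of the project's watcher, and the names PlantHoneyFiles and Tampered are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// PlantHoneyFiles writes n randomly named decoys into dir; returns path -> SHA-256.
func PlantHoneyFiles(dir string, n int) (map[string][32]byte, error) {
	baseline := make(map[string][32]byte, n)
	for i := 0; i < n; i++ {
		buf := make([]byte, 8+256) // 8 bytes for the name, 256 of filler
		if _, err := rand.Read(buf); err != nil {
			return nil, err
		}
		path := filepath.Join(dir, hex.EncodeToString(buf[:8])+".txt")
		if err := os.WriteFile(path, buf[8:], 0o600); err != nil {
			return nil, err
		}
		baseline[path] = sha256.Sum256(buf[8:])
	}
	return baseline, nil
}

// Tampered lists decoys deleted, renamed or rewritten since the baseline was taken.
func Tampered(baseline map[string][32]byte) []string {
	var hits []string
	for path, want := range baseline {
		data, err := os.ReadFile(path)
		if err != nil || sha256.Sum256(data) != want {
			hits = append(hits, path)
		}
	}
	return hits
}

func main() {
	dir, _ := os.MkdirTemp("", "honey") // constructed scratch directory
	defer os.RemoveAll(dir)
	base, _ := PlantHoneyFiles(dir, 3)
	for p := range base { // simulate one decoy being overwritten
		os.WriteFile(p, []byte("overwritten"), 0o600)
		break
	}
	fmt.Println("tampered honey files:", Tampered(base))
}
```

Polling only reports that a decoy changed; attributing the change to a process still needs an OS audit source, which is the part the post handles with auditing and PowerShell.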

How to kill a process?

I am using PowerShell to kill the process. You can check the details in kills.go.

Screen Shot of the real-time running app

Creates files and saves to array
Monitoring files and enabling inheritance for auditing
Process kill function

To sum up, I am still developing this project. It can evolve in different directions with your comments, so please don't hesitate to comment on my project. Thanks for reading :)

Project link:

https://github.com/abrekcoin/ransomwarecheck
