Inspiration
As a six-year-old child, I often downloaded software from suspicious sites onto my personal laptop and desktop, leaving me with a unique ecosystem of viruses to navigate. This experience exposed me to all types of malware (typically through being attacked by it), including adware, trojans, keyloggers, fork bombs, worms, and of course ransomware. Luckily, I didn't have any important data at the time, but losing access to my system was still a terrifying experience that taught me to religiously back up my devices regularly. This project is what I wish I was able to do back then.
What it does
Our innovation provides an early warning system that alerts users to suspicious activity, enabling them to identify and terminate potentially harmful processes, such as ransomware, at an early stage. By utilizing the Win32 API and a certainty factor algorithm, our solution tracks system events and monitors them in real time for indicators of ransomware presence. These indicators include behaviors such as the renaming of documents to include consistent strings of characters and high volumes of outbound traffic.
When such conditions are detected, our system generates a Windows alert to notify users of the suspicious activity. This alert not only raises awareness but also offers users the option to terminate the process, thus preventing potential ransomware attacks from causing significant damage.
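The two indicators described above, combined with a certainty factor rule, as an added example in Go (not the project's own code): the RenameEvent type, the 5 MiB/s traffic ceiling, the 0.8 alert threshold and the MYCIN combination rule are assumptions, and the project's Win32 event hooks are not shown.

```go
package main

import (
	"math"
	"strings"
)

// RenameEvent is a constructed stand-in for one file-rename notification; the
// project reads these through the Win32 API, which this example does not touch.
type RenameEvent struct{ OldPath, NewPath string }

// AlertThreshold is the assumed certainty at which the Windows alert fires.
const AlertThreshold = 0.8

// combineCF merges two confirming certainty factors in [0, 1] with the MYCIN
// rule CF = a + b(1-a), so several weak indicators accumulate toward 1.
func combineCF(a, b float64) float64 {
	return a + b*(1-a)
}

// renameCF scores how many events appended the same string to a document name
// (budget.xlsx -> budget.xlsx.locked): the share of events agreeing on the
// most common suffix becomes the CF; fewer than 3 events give no evidence.
func renameCF(events []RenameEvent) float64 {
	if len(events) < 3 {
		return 0
	}
	counts, best := map[string]int{}, 0
	for _, e := range events {
		if s := strings.TrimPrefix(e.NewPath, e.OldPath); s != "" && s != e.NewPath {
			counts[s]++
			if counts[s] > best {
				best = counts[s]
			}
		}
	}
	return float64(best) / float64(len(events))
}

// trafficCF maps sustained outbound throughput onto [0, 0.9]; the 5 MiB/s
// ceiling is an assumed tuning value, not one taken from the project.
func trafficCF(bytesPerSec float64) float64 {
	return 0.9 * math.Min(1, bytesPerSec/(5*1024*1024))
}

// RansomwareCF combines both indicators; a caller raises the alert and offers
// to terminate the process once the result reaches AlertThreshold.
func RansomwareCF(events []RenameEvent, bytesPerSec float64) float64 {
	return combineCF(renameCF(events), trafficCF(bytesPerSec))
}
```

Three of four constructed renames sharing a `.locked` suffix plus 4 MiB/s of outbound traffic yield a certainty of about 0.93, above the threshold, while a couple of ordinary renames at 100 KiB/s stay near zero.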
How we built it
This project is assembled using Go, as it has easy access to the Win32 API for handling system processes and is quicker to script under a time crunch than C/C++/C#. We utilize the Walk framework for the GUI.
Challenges we ran into
Defining criteria to determine suspicious activity while minimizing false positives, the relatively challenging Win32 API, scoping down the immense volume of system processes, and above all, lack of time.
Accomplishments that we're proud of
We were able to collaborate independently
What we learned
Walk!
What's next for APh
More hackathons together
Built With
- go
- walk
- win32