Skip to content

root-acch/NotInfecktya

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
Installer
Installer
 
 
LogoServices
LogoServices
 
 
NotInfecktya
NotInfecktya
 
 
NotInfecktyaGraphical
NotInfecktyaGraphical
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

NotInfecktya

logo

About

NotInfecktya is a modern cybersecurity solution to defend users and companies from ransomwares👾, made totaly on windows kernel mode. It counts with a beatiful graphical interface to show the informations for the users around start and stop the driver, open the backup folder(Notice that the driver have to be stopped to the user can recover their data), and be able to release the backup space from on disk. If the company wants to do some programmatic operation on file system, they need to connect on driver and use the interface token, entering in contact with our team we can provide some code for reference.

Detection Features

Infecktya Soldier

Our honeypot system works on kernel mode using of windows file listing preference, where it have files with different terms at the beginning of the file like: ._, aa, zz. it has three archives with .txt and .docx termination for in the case of ransomware tries to filter the list by extension This make the files appear in the beginig or on the end of ransomware's encryption list.

logo

Infecktya Bad_End

Our common extension blacklist prevents the creation/renaming of files with a specified ending considered potentially malicious

logo

Infecktya Binary Shield

Our entropy monitoring compares the old file that is in the backup with the changed one and checks if it was totaly encrypted by magic bytes or if happened a more than two files changes in less than 10 seconds

obs:

  • if the user wants to make a large change to the files he can use our token to do so

logo

BackFromDead

our backup which has kernel protection of folders that saves on every write operation of a file where only the user can access the files contained in it turning off the driver via graphical interface

obs:

  • Clean the backup every now and then... we don't have a self-cleaning mechanism yet

logo

Next Steps -> coming soon

  • NotInfecktya Persistence
  • Soldiers Auto-Generator
  • Backup Updates
  • PPID Terminate

Dependencies

  • Install .Net 6

Install / use

Disable Windows protection against unsigned drivers by cmd:

bcdedit.exe /set testsigning on

Execute NotInfecktyaInstaller.exe to run the setup, after that, open the application and click on "Add Soldiers" to add the decoy files (it takes around 5 minutes).

On complete, click on the button "on" to start the driver and get your token...

Now your system are safe, Thanks for choose us!!!😁

logo

About

Anti-Ransomware Detection Tool

Topics

kernel wpf ransomware malware-detection ransomware-detection windowskernel

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages