{"id":15649561,"url":"https://github.com/zelon88/ransomware_defender","last_synced_at":"2025-07-11T20:02:05.973Z","repository":{"id":72821909,"uuid":"204045463","full_name":"zelon88/Ransomware_Defender","owner":"zelon88","description":"A Windows Logon / Startup / Scheduled Task Script for Ransomware Detection \u0026 Early-Warning","archived":false,"fork":false,"pushed_at":"2019-11-18T21:14:11.000Z","size":1196,"stargazers_count":39,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-23T14:02:21.446Z","etag":null,"topics":["antivirus","av","defender","email-notification","ransomware","ransomware-defender","ransomware-detection","ransomware-mitigation","ransomware-prevention","security","startup","vbs"],"latest_commit_sha":null,"homepage":"https://www.HonestRepair.net","language":"Visual Basic","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zelon88.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-23T17:51:56.000Z","updated_at":"2025-03-31T14:07:07.000Z","dependencies_parsed_at":"2023-05-31T04:11:23.742Z","dependency_job_id":null,"html_url":"https://github.com/zelon88/Ransomware_Defender","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zelon88/Ransomware_Defender","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zelon88%2FRansomware_Defender","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zelon88%2FRansomware_Defender/tags","releases_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zelon88%2FRansomware_Defender/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zelon88%2FRansomware_Defender/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zelon88","download_url":"https://codeload.github.com/zelon88/Ransomware_Defender/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zelon88%2FRansomware_Defender/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264890029,"owners_count":23678825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","av","defender","email-notification","ransomware","ransomware-defender","ransomware-detection","ransomware-mitigation","ransomware-prevention","security","startup","vbs"],"created_at":"2024-10-03T12:30:15.874Z","updated_at":"2025-07-11T20:02:05.948Z","avatar_url":"https://github.com/zelon88.png","language":"Visual Basic","funding_links":[],"categories":[],"sub_categories":[],"readme":"NAME: Ransomware_Defender\r\n\r\nTYPE: VBS Script\r\n\r\nPRIMARY LANGUAGE: VBScript\r\n \r\nAUTHOR: Justin Grimes\r\n\r\nORIGINAL VERSION DATE: 8/23/2019\r\n\r\nCURRENT VERSION DATE: 11/18/2019\r\n\r\nVERSION: v1.6\r\n\r\n\r\nDESCRIPTION: An application for early warning about potential ransomware activity on a domain workstation. 
\r\nOn first run, Ransomware_Defender creates \"Perimeter Files\" in strategic places on the local filesystem.\r\nOn subsequent runs, Ransomware_Defender will check that the perimeter files still exist.\r\nIf perimeter files are found, they are compared to the original perimeter file. \r\nIf perimeter files are missing, they are searched for. \r\nIf perimeter files have been tampered with, the workstation will write a log, send an email notification, and shut down to prevent further damage.\r\n\r\n\r\n\r\n\r\n\r\nPURPOSE: To detect malicious file operations early enough that they do not cause widespread damage to company equipment.\r\n\r\n\r\n\r\n\r\nINSTALLATION INSTRUCTIONS: \r\n1. Install Ransomware_Defender into a subdirectory of your Network-wide scripts folder.\r\n2. Open Ransomware_Defender.vbs with a text editor and configure the variables at the start of the script to match your environment.\r\n3. Open sendmail.ini with a text editor and configure your email server settings.\r\n4. Run the script automatically on domain workstations at machine startup or user logon with a GPO. Or both!\r\n5. Run the script automatically with scheduled tasks at regular intervals.\r\n6. To add additional locations for monitoring, add the full absolute path to the \"perimiterFiles\" array.\r\n\r\n\r\n\r\n\r\nNOTES: \r\n1. This script MUST be run with administrative rights.\r\n2. If this script is started in regular user mode, it will prompt for administrator elevation.\r\n3. \"Fake Sendmail for Windows\" is required for this application to send notification emails. Per the \"Fake Sendmail\" license, the required binaries are provided.\r\n4. To reinstall \"Fake Sendmail for Windows\" please visit https://www.glob.com.au/sendmail/\r\n5. Use absolute UNC paths for network addresses. DO NOT run this from a network drive letter. The restartAsAdmin() function will not work properly.\r\n6. 
If using as a startup/logon script, it is advised NOT to use a conditional that checks for the presence of the script prior to running it. Doing so could result in a false negative if ransomware damages Ransomware_Defender before it can be run. Errors produced by such a condition would alert users that something was wrong.\r\n7. You may get a single false positive the first or second time the script is run. It is recommended to comment out the ojbShell.run line in killWorkstation() for the first couple of runs to give the script a chance to get perimeter files settled.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzelon88%2Fransomware_defender","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzelon88%2Fransomware_defender","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzelon88%2Fransomware_defender/lists"}