@bytebot
Next part of the Mitsukeru lineup - kernel-level ransomware guard for macOS.
Most ransomware protection is reactive. By the time cloud services like Google Drive ask "Do you want to roll back?", your local files are already encrypted. (To be clear, I love what Google Drive is doing, at least ensuring you have a good solid backup.)
We're building Mitsukeru Local Encryption & Ransomware Guard (or Mitsukeru LERG) to fix this. We will extend to Microsoft Windows in time.
Instead of scanning for signatures, it uses Tripwires (something we learnt from Linux too):
1. Canary traps - sprinkle invisible "honey-files" (like .sys_config.docx) into your documents. If a process tries to write to them, it's immediately frozen (SIGSTOP). No legitimate app ever touches such files, but the ransomware doing the encryption doesn't know that.
2. Header decapitation - ransomware loves to corrupt file headers, so LERG watches for writes that destroy known headers (PDF, JPEG, etc.) in real time.
3. Mass mutation - tracks write velocity. If a process modifies 50 files in 1 second, that's probably not a human at work; LERG intervenes to warn and stop it.
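To make the three tripwires concrete, here is an added example of the decision logic they describe, run over a constructed stream of write events. It is illustration written for this post, not code from Mitsukeru LERG (which is Swift on the Endpoint Security framework); the canary file names, the 50-files-per-second threshold and the sample paths are assumptions, the magic bytes are the standard ones for those formats, and the caller is left to do the actual SIGSTOP.

```python
"""Tripwire-style ransomware detection logic (illustrative, not LERG's code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple

# Hypothetical canary (honey-file) names; a real deployment would generate its own.
CANARY_NAMES = {".sys_config.docx", ".backup_index.xlsx"}

# Standard magic bytes for a few common formats, keyed by extension.
KNOWN_HEADERS = {
    "pdf": b"%PDF-",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
}

MASS_MUTATION_THRESHOLD = 50  # distinct files (assumed, matches the post's example)
MASS_MUTATION_WINDOW = 1.0    # seconds (assumed)


@dataclass
class WriteEvent:
    pid: int
    path: str
    ts: float     # event time in seconds
    offset: int   # file offset where the write starts
    data: bytes   # bytes being written


class TripwireGuard:
    def __init__(self) -> None:
        # pid -> recent (timestamp, path) pairs inside the sliding window
        self._recent: Dict[int, Deque[Tuple[float, str]]] = defaultdict(deque)
        self.frozen: set = set()

    def check(self, ev: WriteEvent) -> Optional[str]:
        """Return the name of the tripwire that fired, or None if the write is benign.
        The caller is expected to freeze (SIGSTOP) the pid when a tripwire fires."""
        if ev.pid in self.frozen:
            return "already_frozen"
        name = ev.path.rsplit("/", 1)[-1]
        if name in CANARY_NAMES:                 # 1. canary trap
            return self._trip(ev.pid, "canary")
        if self._destroys_header(ev):            # 2. header decapitation
            return self._trip(ev.pid, "header")
        if self._mass_mutation(ev):              # 3. mass mutation
            return self._trip(ev.pid, "mass_mutation")
        return None

    def _trip(self, pid: int, reason: str) -> str:
        self.frozen.add(pid)
        return reason

    @staticmethod
    def _destroys_header(ev: WriteEvent) -> bool:
        """True if the write overlaps the file's magic bytes with different content."""
        ext = ev.path.rsplit(".", 1)[-1].lower()
        magic = KNOWN_HEADERS.get(ext)
        if magic is None or ev.offset >= len(magic):
            return False
        start = ev.offset
        end = min(len(magic), start + len(ev.data))
        return ev.data[: end - start] != magic[start:end]

    def _mass_mutation(self, ev: WriteEvent) -> bool:
        """Count distinct files this pid wrote within the sliding window."""
        q = self._recent[ev.pid]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > MASS_MUTATION_WINDOW:
            q.popleft()
        distinct = {p for _, p in q}
        return len(distinct) >= MASS_MUTATION_THRESHOLD


def simulate() -> List[Tuple[int, str, Optional[str]]]:
    """Run a constructed event stream; returns (pid, path, verdict) per event."""
    guard = TripwireGuard()
    events = [
        # pid 100: an editor saving a PDF with its header intact -> benign
        WriteEvent(100, "/Users/me/Documents/report.pdf", 0.0, 0, b"%PDF-1.7\n"),
        # pid 200: overwrites a JPEG header with ciphertext-looking bytes
        WriteEvent(200, "/Users/me/Pictures/cat.jpg", 0.1, 0, b"\x8f\x1a\x2c\x00"),
        # pid 300: writes to the canary file
        WriteEvent(300, "/Users/me/Documents/.sys_config.docx", 0.2, 0, b"junk"),
    ]
    # pid 400: rewrites 60 text files within 0.3 seconds
    events += [
        WriteEvent(400, f"/Users/me/Documents/note{i}.txt", 0.3 + i * 0.005, 0, b"x")
        for i in range(60)
    ]
    return [(ev.pid, ev.path, guard.check(ev)) for ev in events]


if __name__ == "__main__":
    for pid, path, verdict in simulate():
        if verdict:
            print(f"pid {pid} {path}: {verdict}")
```

The header check only fires when the written bytes actually overlap and differ from the known magic, so a legitimate save that rewrites the file from offset 0 with a valid header passes; the mass-mutation counter deduplicates paths so repeated saves of one file do not count as many.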
Design philosophy:
- 100% offline including AI agent because you don't want cloud inference
- deterministic without fuzzy guessing
- kernel level, built with Swift and Apple's Endpoint Security framework to intercept events at the source
Might be fully open source as lead gen to also utilise the SaaS component.