In today’s increasingly digital world, ransomware attacks have become one of the most devastating cyber threats, targeting everything from personal laptops to hospital servers and financial institutions. Seeing how ransomware can paralyze systems, leak sensitive data, and demand heavy ransoms, we felt compelled to build something proactive, intelligent, and affordable. This led to the birth of RANSec, a real-time ransomware detection and response system built for everyday users and small businesses, not just tech giants.

How We Built It

RANSec is a multi-layered system built using:

- Python for backend scripting and file behavior monitoring.
- TensorFlow for training an ML model that detects suspicious file activity.
- Flask to serve a sleek, real-time dashboard.
- System Hooks and Watchdog API to monitor key folders and trigger alerts.
- Browser Automation to auto-launch the dashboard on detection.
- SQLite & JSON logs to store file behavior and attack history.

We integrated the system to start automatically at system boot, keep an eye on critical directories, and respond instantly to suspicious behavior — all with live logs, quarantine options, and notifications.

What We Learned

- How ransomware operates at a file system level, such as rapid encryption patterns and extension hijacking.
- Building lightweight ML models for file behavior classification.
- Handling cross-platform compatibility issues when dealing with real-time file monitoring and autorun services.
- Crafting a simple but effective UI to make a technical product usable for non-technical users.

We also dived deep into threat modeling, data labeling for anomaly detection, and working with startup-like product architecture under time constraints.

Challenges We Faced

1. Real-time Monitoring Overhead: Ensuring the file system monitor ran efficiently in the background without slowing down the system was a core technical challenge.
2. False Positives: Early versions of our model falsely flagged system updates and antivirus activity. We tuned the model and introduced rule-based filtering to reduce this.
3. Auto-start on Boot (macOS and Windows): Implementing cross-platform startup automation and ensuring persistent background monitoring took considerable low-level scripting and testing.
4. Data Collection & Simulation: Getting safe ransomware samples and creating a synthetic dataset without risking real infection required controlled environments and a lot of simulated attack data generation.
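An added example, not RANSec's own code: a rule-based pass over file-rename events that flags a burst of extension changes from one process inside a sliding window and skips an allow-list of trusted processes, the kind of filter described above for reducing false positives from updaters and antivirus. The thresholds, process names, paths and events are constructed assumptions.

```python
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # assumed sliding-window length
BURST_THRESHOLD = 5      # assumed number of suspicious renames per window
ALLOWED_PROCESSES = {"system_updater", "av_scanner"}  # hypothetical allow-list

def is_extension_hijack(src, dest):
    """True when a rename gives the file a different, non-empty extension."""
    src_ext = os.path.splitext(src)[1].lower()
    dest_ext = os.path.splitext(dest)[1].lower()
    return dest_ext != "" and dest_ext != src_ext

def detect_bursts(events):
    """Return {process: timestamp of first alert} for rename bursts.
    events: time-ordered iterable of (timestamp, process, src_path, dest_path)."""
    recent = defaultdict(deque)   # process -> (timestamp, new extension) per suspicious rename
    alerts = {}
    for ts, proc, src, dest in events:
        if proc in ALLOWED_PROCESSES or not is_extension_hijack(src, dest):
            continue              # rule-based filter: trusted process or harmless rename
        q = recent[proc]
        q.append((ts, os.path.splitext(dest)[1].lower()))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()           # drop renames that fell out of the window
        # Heuristic: count only renames converging on the same new extension.
        same_ext = sum(1 for _, ext in q if ext == q[-1][1])
        if same_ext >= BURST_THRESHOLD and proc not in alerts:
            alerts[proc] = ts
    return alerts

def sample_events():
    """Constructed events for illustration, not real telemetry."""
    ev = [(i * 0.5, "unknown_proc", f"/home/u/doc{i}.docx",
           f"/home/u/doc{i}.docx.locked") for i in range(6)]
    ev += [(i * 0.2, "system_updater", f"/opt/app/lib{i}.tmp",
            f"/opt/app/lib{i}.dll") for i in range(10)]
    ev += [(i * 20.0, "batch_tool", f"/home/u/img{i}.png",
            f"/home/u/img{i}.jpg") for i in range(6)]
    return sorted(ev)

if __name__ == "__main__":
    print(detect_bursts(sample_events()))
```

Only the fast burst from `unknown_proc` is flagged; the allow-listed updater and the slow batch conversion are not.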

RANSec isn’t just a hackathon project — it’s our step toward democratizing cybersecurity with AI.
