Posted by Anonymous Coward
InterceptX
I have a program that does the same as InterceptX... I was going to release it as open source.. but did not when I realized it is pointless against well designed ransomware.. it only works for data corruption.
The reason for this is you can create a driver for the filesystems.. and all appears to be "ok", with no file access and modifications.. but in the back the files are being encrypted.. only the driver shows the data, as it has the key, and all is ok.
Then, at some point, the key is erased and the ransomware demands money.
InterceptX would have detected nil, for this is a basic form of rootkit, and it has no chance of detecting that.
As for patches, of course you have to do that, but there are many 0-day attacks delivered by banners.. so I would say, patch, block ads, and not only have a proper onsite backup, but also an online backup system or something you cannot access as a share/drive that stores files with versioning.
It is a bit sad that governments would hoard 0-days, have compromised Tor for their nefarious purposes, yet don't use that to stop cybercriminals.