RaTS does not prevent the Ransomware to do its bad work, but it can help to find evidences of the existence of Ransomware in your environment (filesystems).
RaTS is especially useful to periodically monitoring network share or external drive to find evidences of the presence of Ransomware. You can configure it as a batch task in a client machine, but the way it works does not fit very well with this use case.
What RaTS can do
+ find traces of the manifests (TXT or HTML) that Ransomware leaves in the filesystem: around the manifest you can find some crypto stuff…
+ find crypto stuff in the file system
+ produce outcome CSV files that allow you to analyze the state of your drives (network, NAS, external)
+ send the outcome to a configured email
What RaTS cannot do
– prevent the Ransomware encryption
+ Python 3.5 or Higher
Usage and Download:
git clone https://github.com/robo3945/RaTS && cd RaTS
pip3 install -r requirements.txt
pyton3 rats.py -h