Open Source Ransomware Detection

Stop ransomware.
Before it spreads.

RANZER monitors your files in real time, identifies encryption patterns using entropy analysis and decoy files, and terminates ransomware the moment it's detected.

Free and open source  ·  Windows & Linux

Real-Time Detection
Auto-Terminate
Honey File Engine
Windows & Linux
100% Open Source

Every layer of protection.

RANZER combines multiple detection methods so no ransomware slips through undetected.

Real-Time Monitoring

Watches every file event in your directories as it happens - using inotify on Linux and Watchdog on Windows. Zero polling delay.

Entropy Analysis

Measures data randomness in written files. Encrypted content has near-maximum entropy - RANZER catches it before the file is saved.

Honey File Engine

Deploys invisible decoy files inside monitored directories. Any process that reads, modifies, or renames them triggers an immediate CRITICAL alert.

Auto-Terminate

When threat score reaches CRITICAL, RANZER kills the ransomware process automatically - no user action required, no seconds wasted.

Process Identification

Pinpoints the exact PID responsible for suspicious writes using I/O tracking - on Linux via /proc, on Windows via continuous io_counters polling.

Cross-Platform

Native implementation for both Linux and Windows. Same detection accuracy, the same GUI, purpose-built for each OS's file system and process model.

Three steps. One shield.

From install to protection in minutes. RANZER runs quietly in the background and acts the moment a threat is confirmed.

01

Monitor

Choose the directories you want to protect. RANZER deploys honey files, starts watching file events, and begins tracking process write rates - all immediately.

02

Detect

Every file event is scored. Entropy spikes, honey file touches, and write rate surges each contribute to a threat score. Signals are correlated across all detection layers.

03

Terminate

When the score reaches CRITICAL, RANZER terminates the ransomware process instantly. The GUI shows you exactly which process was caught and why.

Get RANZER.

Available for Windows and Linux. Install in minutes with the one-click installer or set up from source via GitHub.

Windows

RANZER for Windows

One-click installer for Windows 10 and 11. Includes the full GUI, auto-start, and Start Menu integration. Run as Administrator to install.

Requires Python 3.10+  ·  Windows 10 / 11

Linux

RANZER for Linux

Debian package for Ubuntu, Debian, and derivatives. Includes the full GUI, system service integration, and desktop launcher.

Ubuntu 20.04+ / Debian 11+ / Kali  ·  amd64 & arm64

Install from source.

Prefer GitHub? Clone the repo and run directly. No build step required - just Python and the dependencies.

# Clone the repository
git clone https://github.com/RIVIRU05/Ranzer.git
cd ranzer

# Install dependencies
pip install -r requirements.txt

# Launch the GUI
python3 -m ranzer gui

# Or run from CLI (monitor a directory)
python3 -m ranzer monitor --dir ~/Documents --auto-terminate
# Clone the repository (PowerShell or Git Bash)
git clone https://github.com/RIVIRU05/Ranzer.git
cd ranzer

# Run the installer (as Administrator)
# Right-click install.bat → "Run as administrator"
install.bat

# Or launch directly without installing
pip install -r requirements.txt
python -m ranzer gui

View the full source on   GitHub →

Protect your machine today.

Free, open source, and takes minutes to set up. Your files deserve better than hoping ransomware never comes.

Download for Windows Download for Linux

Developed as part of an academic project at
Victoria University, Melbourne, Australia