Hello, my name is Matthias Heldt. I wrote my master's thesis at the University of Constance on the topic of ransomware detection, and today I'm going to talk about undoing a ransomware infection.

Ransomware differs from classical malware: classical malware normally works in stealth and performs all its behavior undetected, hopefully. But ransomware encrypts your files, modifies your files, and afterwards notifies you with a pop-up or desktop icon like this one, where they request that you pay a ransom of, here, $600. This behavior, that at the end it is fully visible what it has done, is used by us to analyze the behavior and to say what was done.

When we started our project, we first thought about solving this problem in real time, with real-time detection, protection and recovery. At first we tried to implement this as a file system driver, but we noticed that our analysis does not have enough time to gather enough information to recover the files. We need this information to reduce or remove the false positives, because false positives lead to false recoveries and false notifications of the user, which can be really annoying if you have to undo these false recoveries. The bump-in-the-wire approach, which we tackled next, also had the same result: we don't have enough time to perform our analysis. Our last hope among the real-time solutions was the file service synchronization process, where we hoped to get more information, but this also failed.

So we thought that it was maybe a better option to use a backup strategy, because a backup strategy offers you protection against ransomware attacks, and to use our methods to offer an easy way to recover all the mess left behind by ransomware. The problem with a backup strategy on a local host is that if you use an external hard drive to store your backups, some ransomware families can easily encrypt the backups, and so you lose all your data and also your backups.
So we thought, yeah, maybe we can use a cloud storage like Nextcloud, where we have a double existence of the files and also a good backup strategy, like the trash bin and file versioning, which offers all the utility that we need to perform our analysis.

So I developed an application called ransomware detection, which offers synchronization monitoring that color-codes your synchronization according to its suspiciousness, and also offers an easy-to-use rollback method with just one click, where you have a process of file changes and you can select all the processes at once or deselect one file. In the future, we hope that we can also offer a file scan which allows you to recover all the files after a ransomware attack happens without the application installed. So the ransomware detection happens your style application and also can roll back all the mess.

And if you'd like to ask me something or contribute, just email me, ask me here, or contact me via my GitHub. Thank you.