ARS: research on proactive defense technology of ransomware based on file behavior
Affiliation:

College of Cybersecurity, Sichuan University

Clc Number:

TP309.5

    Abstract:

    To reduce the losses caused by ransomware attacks, this paper proposes a framework, the AntiRansomware System (ARS), based on family characteristics and traditional malicious code detection technology. Specifically, it proposes a method for detecting ransomware based on file behavior statistics: a minifilter collects the file behavior information of benign programs and ransomware as a training set, and a variety of supervised classification algorithms are used to train a classifier for runtime detection. Copy-on-write technology is then used to dynamically back up the files a program modifies at runtime, and the detection results determine whether to restore those files. Finally, a prototype system is developed and tested. The results show that, while ensuring the security of data files, the ARS framework can effectively prevent ransomware attacks and reduce the harm caused by ransomware.

Cite this article as: TIAN Feng, ZHOU An-Min, LIU Liang, ZHANG Lei. ARS: research on proactive defense technology of ransomware based on file behavior [J]. J Sichuan Univ: Nat Sci Ed, 2021, 58: 023001.

History
  • Received: July 14, 2020
  • Revised: October 13, 2020
  • Adopted: October 26, 2020
  • Online: April 02, 2021