How to detect and respond to ransomware attacks

Multiple file modifications in a short period of time and evidence of encryption are two telltale signs of ransomware. Using a few simple patterns, DataSecurity Plus can detect these signs of ransomware early on and identify attacks right as they happen. Follow the steps below to configure DataSecurity Plus' automated threat response mechanism to shut down any ransomware attack right at its inception.

 
How to detect and respond to ransomware attacks

E-book: FBI recommendations to prevent ransomware attacks

Learn More

Set up DataSecurity Plus ransomware alert

 

  • 1 Run DataSecurity Plus → Navigate to the Alerts tab → Click New Alert Profile on the top right corner of the page.
  • 2 Name the alert profile and include an appropriate description (e.g., "Potential ransomware attack”).
  • 3 In the Severity tab, select Critical.
  • 4 Navigate to the filter section and add these filters with the following settings:
    • Actions: Create, modify, rename, and file extension change
    • Monitor: All
    • Monitor Type: Files and folders
    • File Types: All
    • Users: All
  • 5 Navigate to Email Notifications and specify one or more email addresses you'd like to send alerts to. Set Email Priority to high.
  • 6 In the Execute Command text box, run the default script (e.g., "{install_location}\bin\alertScripts\triggershutdown.bat %server_name%") which shuts down the infected system.

    Note: You can also execute your own scripts to perform actions tailored to your organization's needs.

  • 7 Navigate to the Threshold Limit section and switch it on → Specify the number of events to be monitored (e.g.,"100 file modifications in one minute").
  • 8 To save the configured alert, click Save.

You have now successfully configured DataSecurity Plus to detect and respond to a scenario where more than 100 files events such as create, modify, and rename are detected within one minute.  As per your organization's needs, you can use the filter option to include or exclude specific file types, users, actions, etc. for more selective monitoring.

ransomware-attack-dload-img

Get DataSecurity Plus easily installed, configured and
running within minutes.

Download Now

ransomware-attack-demo-img

We believe actions speak louder than words. Schedule
a free demo, and see for yourself

Request Demo
Email Download Link