Support
 
Phone Live Chat
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1101
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680
 
 
 
 

How to detect and respond to ransomware attacks

Multiple file modifications in a short period of time and evidence of encryption are two telltale signs of ransomware. Using a few simple patterns, FileAudit Plus can detect these signs of ransomware early on and identify attacks right as they happen. Follow the steps below to configure FileAudit Plus' automated threat response mechanism to shut down any ransomware attack right at its inception.

Set up FileAudit Plus ransomware alert

ransomware-attack-screenshot

  • 1 Run FileAudit Plus → Navigate to the Alerts tab → Click New Alert Profile on the top right corner of the page.
  • 2 Name the alert profile and include an appropriate description (e.g., "Potential ransomware attack”).
  • 3 In the Severity tab, select Critical.
  • 4 Navigate to the filter section and add these filters with the following settings:
    • Actions: Create, modify, rename, and file extension change
    • Monitor: All
    • Monitor Type: Files and folders
    • File Types: All
    • Users: All
  • 5 Navigate to Email Notifications and specify one or more email addresses you'd like to send alerts to. Set Email Priority to high.
  • 6 In the Execute Command text box, run the default script (e.g., "{install_location}\bin\alertScripts\triggershutdown.bat %server_name%") which shuts down the infected system.

    Note: You can also execute your own scripts to perform actions tailored to your organization's needs.

  • 7 Navigate to the Threshold Limit section and switch it on → Specify the number of events to be monitored (e.g.,"100 file modifications in one minute").
  • 8 To save the configured alert, click Save.

You have now successfully configured FileAudit Plus to detect and respond to a scenario where more than 100 files events such as create, modify, and rename are detected within one minute.  As per your organization's needs, you can use the filter option to include or exclude specific file types, users, actions, etc. for more selective monitoring.

ransomware-attack-dload-img

Get FileAudit Plus easily installed, configured and
running within minutes.

Download Now

ransomware-attack-demo-img

We believe actions speak louder than words. Schedule
a free demo, and see for yourself

Request Demo