Catch Ransomware in the act
Monitor files for encryption to minimize the effect of Ransomware
This is a very common use case for a lot of users. The actions that users take, however, vary quite a bit based on their own requirements. Some people configure firewall rules, some run removal tools, some shut down the PC, etc.; in almost all cases an email is sent. For us to provide this configuration and necessary filters out-of-the-box would require a significant investment in continued research of crypto malware in order to keep monitoring effective.
That being said, we may still pursue this because when configured correctly, Directory Monitor is very effective as an early detection system for crypto viruses and has already been successful in numerous live installations. With enough support for this idea we may take this on.
Daniel has kindly shared an article on how to configure Directory Monitor for ransomware detection along with scripts to disable the shares to prevent them from spreading across the network: https://moonly.eu/enhance-your-security-against-ransomware-with-directory-monitor/
We'll be looking at adding pre-configurations for things like this and even a new turn-key plugin solution with more generic options to protect your servers/workstations.
Daniel Jean Schmidt commented
Hello Alton, I have actually done this on our system. It works very well. Do you want me to show you? You can contact me on email@example.com