Use case
Ransomware protection for Windows servers and cloud storage
File-level auditing is a critical line of defense in ransomware protection. With FileAudit, reduce risk by detecting mass file activity and automatically reacting to stop ransomware attacks the moment they begin.
File servers are at the heart of ransomware attacks
Ransomware is a malware that locks files and folders, releasing them only if a ransom is paid. Most ransomware attacks are opportunistic, triggered by unsuspecting employees.
But attacks are getting smarter and more frequent.
The ability to detect, analyze, and respond to suspicious file encryption activity plays an important role in ransomware protection.
Ransomware as a Service (RaaS)
RaaS allows anyone with minimal computing knowledge to pay for ready-made tools that infiltrate systems, copy and encrypt files, and then launch ransom negotiations.
Data leak extortion
Regulations levy heavy fines for data breaches, especially undisclosed breaches. Hackers exploit this pressure and threaten to leak stolen data, even if a ransom is paid.
Stolen data auctions
If one of these other extortion tactics fail, attackers may auction off stolen company data to the highest bidder.
How FileAudit helps detect, respond to, and stop ransomware attacks
Use FileAudit's controls as part of a defense-in-depth strategy to reduce risk at each layer of a ransomware attack.
Read how to detect ransomware with FileAudit and see a test encryption
)
)
Detect massive file encryption
When ransomware encrypts files on a server monitored by FileAudit, it triggers a sequence of three mass access events. FileAudit detects each step in real time. Configure mass alerts to be notified immediately if all three events occur in sequence.
Read: The file content must be read to be loaded into memory.
Write: The data is then encrypted in memory and written to a new file.
Delete: The original file is deleted.
)
)
Detect specific file extensions
Configure a single access alert for file extensions commonly generated by ransomware.
For example, .cryptolocker
)
)
Stop a ransomware attack before damage is done
FileAudit includes predefined PowerShell scripts for an automated response to ransomware attacks. When configuring the three mass access alerts used to detect ransomware, you can easily add these scripts to trigger an automatic response. No need to wait for IT to intervene. For example, FileAudit can automatically log out a user when mass access is detected or when suspicious file extensions such as .cryptolocker appear.
)
)
Prevent a ransomware attack from happening again
With FileAudit, you get a centralized view of NTFS permissions across files and folders. See who has access to sensitive company data and respond quickly after a ransomware attack.