Netwrix Enterprise Auditor (formerly StealthAUDIT) 11.6 has been released LEARN MORE
Stealthbits

Detect and Prevent Ransomware

Blog >Detect and Prevent Ransomware
Ransomware
| Adam Laub | | Leave a Comment

There are many sources of motivation for hackers and bad actors to do what they do, but ransomware attacks are driven by two primary motives; money and destruction. However, even though there are dozens of ransomware variants with new mutations being discovered weekly, they all exhibit the same common behavior; large volumes of file modifications in short periods of time. If you’re going to do this, you need to detect unusual or abnormally high file system activity in short timeframes as well as operations associated with ransomware presence such as the creation of files with specific names and file extensions.  Monitor all file activity on all your critical file systems, send the data to your SIEM, write rules looking for the aforementioned patterns, and hope you find your attacker.

Or, stay tuned for a better solution from STEALTHbits…

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Loading

Featured Asset

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!


Loading

© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL