Take Action Against Ransomware

Take Action Against Ransomware

After identifying nefarious activity on your file servers, whether it’s massive data theft or activity associated with ransomware, taking action is the next step. StealthINTERCEPT v4.0 now gives us the tools to automatically Lockdown those critical file areas once the rule for the File System Attacks Analytic is met. Let’s get started.

First, we need to select the File System Attack Analytic, then select the Configure icon:

ransomware-file-system-attack-analytics

Once the Configure Analytics window is open you will see “Enable Automatic Lockdown” checkbox. Once checked, this option will place Perpetrators responsible for triggering this analytic into a Lockdown state for all paths selected within the policy:

ransomware-lockdown

Exercise caution when enabling this lockdown feature as it will prevent file/folder access for users triggering the analytic. After a review, there may be desire to re-grant access back to the locked-out Perpetrator. This can be done by selecting the “Modify Lockdown Perpetrators” hyperlink within the Configure Analytics window.

ransomware-configure-analytics

Users under Lockdown can be viewed and managed through this window. You now know the settings necessary to automate protection from unwanted levels of activity.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.