I changed the Ransomware Detection Service from beta to stable.
I didn’t get as much beta testing as I would like. However, I did get 6 people to test successfully. I have been using the software for over six months to complete success. I have caught 4 ransomware attacks within 20 minutes of the initial attack over the last six months. The Ransomware Detection Service ran the script to shutdown the user’s computer and disabled the Active Directory computer account for the infected computer automatically. This quick action gave me peace of mind. I had 16 false positives due to users deleting or moving the folder used for detection. How often this occurs has decreased over time with user notification and training.
I want more feedback, but overall I am using the Ransomware Detection Service to great effect.
There are additional uses for this software:
- Search for corrupted or encrypted office documents in file shares.
- File change email notification
- File change can execute a script
- Get a list of changed files when compared with last backup
- Get a list of all unknown file extensions in file shares
- Get a list of all files in the file share