Miners used canaries in coal mines to detect dangerous gas. Similarly, this feature deploys Ransomware Canary files in various computer directories and monitors them for changes. When a file is altered, renamed, or deleted (such as by ransomware encryption), it alerts our security team. The team reviews the conditions surrounding the alert in order to confirm or rule out ransomware and send an incident report.
Ransomware Canaries are placed on every workstation for early detection of live ransomware encryption activity. This early warning capability allows for a faster response time and better chance that we will be able to contain the attack before it spreads to other servers or workstations. With this tool, we can identify which endpoints were affected and find out as much as we can about the scope of the attack.
This early warning system can reduce the damage from malicious threat actors. Instead of waiting for a full-scale ransomware attack to occur, we now have the capability to see it coming and stop it in its tracks. Acumen include Ransomware Canaries in every Managed IT Services package – to prevent as many ransomware outbreaks as we can before they become a problem for your business.