Detect Ransomware Attacks

Ransomware can take over enterprise data and threaten to publish it or block access to it until a ransom is paid. Cohesity DataProtect as a Service detects potential ransomware attacks in your environment.

We use machine learning algorithms to continuously monitor change rates in the backup data. If the rate is out of the normal range — based on daily and historical rates — Cohesity DataProtect as a Service flags it as a potential ransomware attack.
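One way to picture the change-rate check described above, as an added example (not Cohesity's detection code or model): each protection run's change rate is scored against a rolling median/MAD baseline built from earlier clean runs, and flagged runs are kept out of the baseline. The function names, window, threshold, spread floor, and the run data are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: (run date, changed GiB, total GiB) per protection run.
RUNS = [
    ("2024-03-01", 21, 1000), ("2024-03-02", 25, 1000),
    ("2024-03-03", 19, 1000), ("2024-03-04", 30, 1000),
    ("2024-03-05", 22, 1000), ("2024-03-06", 27, 1000),
    ("2024-03-07", 24, 1000), ("2024-03-08", 20, 1000),
    ("2024-03-09", 610, 1000),  # mass rewrite, e.g. files encrypted in place
    ("2024-03-10", 640, 1000),
]

def baseline(history):
    """Median and scaled MAD of historical change rates (robust to outliers)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, 1.4826 * mad  # 1.4826 scales MAD to a std-deviation equivalent

def flag_anomalies(runs, window=14, threshold=6.0, min_history=7, floor=0.005):
    """Return flagged runs, oldest first; each names the last clean run before it.

    window, threshold, min_history and floor are hypothetical tuning values.
    """
    flagged, clean_rates, last_clean = [], [], None
    for run_date, changed, total in runs:
        rate = changed / total if total else 0.0
        history = clean_rates[-window:]
        if len(history) >= min_history:
            med, spread = baseline(history)
            # Floor the spread so a very flat history does not flag tiny noise.
            score = (rate - med) / max(spread, floor)
            if score > threshold:
                flagged.append({"date": run_date, "rate": rate,
                                "score": round(score, 1),
                                "last_clean": last_clean})
                continue  # never learn the baseline from a suspect run
        clean_rates.append(rate)
        last_clean = run_date
    return flagged

if __name__ == "__main__":
    for hit in flag_anomalies(RUNS):
        print(hit)
```

Excluding flagged runs from the baseline matters: otherwise a second day of mass changes would be judged against a history that already contains the first spike.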

If Cohesity DataProtect as a Service detects an anomaly during a protection run of your data, it triggers the critical alert, DataIngestAnomalyAlert. Using the alert information, you can investigate the anomaly and decide on the next course of action.

After reviewing the anomaly, you can either ignore the anomaly or recover the object from the last clean snapshot.

To locate and inspect potential anomalies:

  1. In DataProtect as a Service, navigate to Health > Alerts and then click the Severity filter.

  2. Select Critical and click Apply.

  3. If you see a DataIngestAnomalyAlert alert, click into it.

  4. On the DataIngestAnomalyAlert page, review the alert details.

  5. Once you have thoroughly reviewed the alert, click:

    • Ignore Anomaly to dismiss the anomaly.

    • Recover Object to recover the object from the last clean snapshot.