Detect Ransomware Attacks
Ransomware can take over enterprise data and threaten to publish it or block access to it until a ransom is paid.
We use machine learning algorithms to continuously monitor change rates in the backup data. If the rate is out of the normal range — based on daily and historical rates —
If
After reviewing the anomaly, you can either ignore the anomaly or recover the object from the last clean snapshot.
To locate and inspect potential anomalies:
-
In DataProtect as a Service, navigate to Health > Alerts and then click the Severity filter.
- Select Critical and click Apply.
-
If you see a DataIngestAnomalyAlert alert, click into it.
-
On the DataIngestAnomalyAlert page, review the alert details.
-
Once you have thoroughly reviewed the alert, click:
-
Ignore Anomaly to dismiss the anomaly.
-
Recover Object to recover the object from the last clean snapshot.
-