We have had a limited episode of ransomware and we would like to know if there are any sensors that can be used to detect anomalous behavior. We thought about using the Business Process Sensor to define certain conditions, such as an increase in Internet traffic, consumption of shared disk and similar (a pattern that resembles an attack of this type), so that the BPS goes into warning and sends us a notification. But this sensor considers the sensors of its channels in Warning as normal ... therefore it is not suitable for us.

Is there any other way to monitor this ransomware situation with PRTG?

Thanks!


Article Comments

Hello,

Thank you for your message.

Regarding what you would like to achieve, in addition to the metrics you already mentioned, you could create specific files (which are not supposed to be modified) on your network share disks/folders that you monitor with PRTG, as explained in this KB article: https://helpdesk.paessler.com/en/support/solutions/articles/68959-cryptolocker-detection-with-prtg

The Business Process sensor can indeed be used to trigger an alert when multiple sensors dedicated to ransomware monitoring are triggered (in Down state due to a limit being reached, for example). To do so, the error threshold must be configured accordingly in the sensor settings tab, depending on the number of sensors added to the channel.

If you have questions, let us know.

Regards.


Oct, 2021
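
The canary-file idea from the reply above, as an added example that is not part of the thread or of the linked KB article: it records a baseline hash for files that should never change and reports any that were overwritten, renamed or removed. The file names, the `.locked` suffix and the temporary directory standing in for a share are constructed sample values, and feeding the result into a PRTG sensor is not shown.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 of the file content, or None if the file cannot be read."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        return None

def make_baseline(paths):
    """Record the known-good hash of every canary (run once, store off the share)."""
    return {str(p): fingerprint(p) for p in paths}

def check_canaries(baseline):
    """Return {path: reason} for every canary that no longer matches its baseline."""
    findings = {}
    for path, expected in baseline.items():
        p = Path(path)
        current = fingerprint(p)
        if current is None:
            # A file that reappears as "<name>.<suffix>" was renamed, not just deleted.
            siblings = p.parent.iterdir() if p.parent.is_dir() else []
            renamed = sorted(s.name for s in siblings if s.name.startswith(p.name + "."))
            findings[path] = f"renamed to {renamed[0]}" if renamed else "missing"
        elif current != expected:
            findings[path] = "content changed"
    return findings

def demo():
    """Constructed sample: three canaries in a temp dir standing in for a share."""
    with tempfile.TemporaryDirectory() as share:
        names = ("canary_a.docx", "canary_b.xlsx", "canary_c.pdf")
        canaries = [Path(share) / n for n in names]
        for c in canaries:
            c.write_bytes(b"do not modify: monitoring canary\n")
        baseline = make_baseline(canaries)
        clean = check_canaries(baseline)                  # nothing touched yet
        canaries[0].write_bytes(b"\x00" * 32)             # simulated overwrite
        canaries[1].rename(str(canaries[1]) + ".locked")  # simulated rename
        after = check_canaries(baseline)
        return clean, {Path(k).name: v for k, v in after.items()}

if __name__ == "__main__":
    clean, tampered = demo()
    print("before:", clean)
    print("after: ", tampered)
```

Keeping the baseline somewhere the monitored share's users cannot write to prevents it from being altered together with the canaries.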