Views:

This widget provides an overview of all the attempted ransomware attacks for a specified time range.

The default view displays a summary of all the ransomware detections and further categorizes the attempts based on the infection channel.

  • Click the ransomware detection count on the default view to open the Security Risks - Ransomware logs screen that lists the ransomware detection details.

Click any of the charts on the right side of the widget to display an enlarged view of the chart data.

  • Hover over the node(s) for any particular day to view the total number of detections for the displayed detection category. Click a node to redirect to the Security Risks - Ransomware logs screen, which lists the ransomware detection details for that particular day.

Table 1. Ransomware Detection Channels

Channel

Description

Detected By

Web

Files downloaded using a web client (for example, browser or FTP client)

  • Web Reputation

  • Real-time Scan

  • Behavior Monitoring

Network traffic

Ransomware detected by the Suspicious Connections feature

  • Suspicious Connections

Cloud synchronization

Files synchronized to the local sync folder by the following supported cloud storage services:

  • Microsoft™ OneDrive™

  • Real-time Scan

  • Behavior Monitoring

  • Predictive Machine Learning

Email

Email attachments opened using Microsoft Outlook

Note:

Apex One classifies all attachments opened using other email client applications in the Local or network drive channel.

  • Real-time Scan

  • Behavior Monitoring

AutoRun files

Programs located on removable storage drives and executed by an autorun file

Note:

Apex One classifies all other files/programs not executed by the autorun program on removable storage devices in the Local or network drive channel.

  • Real-time Scan

  • Behavior Monitoring

Local or network drive

Ransomware detected on local or network drives including:

  • Email attachments opened using email clients other than Microsoft Outlook

  • Files on removable storage devices not executed by the autorun program

  • Real-time Scan

  • Manual Scan

  • Scheduled Scan

  • Scan Now

  • Behavior Monitoring