Ransomware Solution

The purpose of the Ransomware Canary service is to find ransomware activity on an endpoint. Canary files are deployed and monitored for changes by this feature in several directories.

 

The CyberTI® agent will notify the threat operations team to evaluate the circumstances causing the alert to confirm ransomware and send an incident report with incident details whenever it discovers that a canary file has been changed, renamed, or deleted.​