
Ransomware sensor. Using Business Process Sensor.

Votes:

0

We have had a limited episode of ransomware and we would like to know if there are any sensors that can be used to detect anomalous behavior: we thought about using the Business Process Sensor to define certain conditions such as if there is an increase in Internet traffic, consumption of shared disk and other similar ones (a pattern that resembles an attack of this type), the BPS goes into warning and sends us a notification. But this sensor considers the sensors of its channels in Warning as normal ... therefore it is not suitable for us.

Is there any other way to monitor this ransomware situation with PRTG?

Thanks!

business-process-sensor pattern ransomware

Created on Oct 8, 2021 4:43:37 PM



1 Reply

Votes:

0

Hello,

Thank you for your message.

Regarding what you would like to achieve, in addition to the metrics you already mentioned you could create specific files (which are not supposed to be modified) on your network share disks/folders that you monitor with PRTG, as explained in this KB article: https://kb.paessler.com/en/topic/68959-cryptolocker-detection-with-prtg

The Business Process sensor can indeed be used to trigger an alert when multiple sensors dedicated to ransomware monitoring are triggered (in down state due to limit reached for example). To do so, the error threshold must be configured accordingly in the sensor settings tab, depending on the number of sensors added to the channel.

If you have questions, let us know.

Regards.

Created on Oct 11, 2021 6:58:22 AM by  Florian Lesage [Paessler Support]
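
The canary-file idea from the reply above, as an added example that is not part of the original thread and is not Paessler's code: it records a hash baseline for files that should never change, reports which ones were overwritten or renamed, and rolls the results up against a percentage threshold. The function names, file names and the roll-up rule (Down when the healthy share falls below the threshold) are assumptions for illustration, not PRTG's exact evaluation logic.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """SHA-256 of a canary file, or None if it cannot be read."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        return None


def build_baseline(canaries):
    """Record the known-good hash of every canary file."""
    return {str(p): fingerprint(p) for p in canaries}


def check_canaries(baseline):
    """Return {path: reason} for each canary that no longer matches."""
    tripped = {}
    for path, expected in baseline.items():
        current = fingerprint(path)
        if current is None:
            tripped[path] = "missing or renamed"
        elif current != expected:
            tripped[path] = "content changed"
    return tripped


def aggregate_state(tripped, total, error_threshold_pct):
    """Assumed rule: Down when the healthy share drops below the threshold."""
    healthy_pct = 100.0 * (total - tripped) / total
    return "Down" if healthy_pct < error_threshold_pct else "Up"


if __name__ == "__main__":
    # Constructed sample: four canary files standing in for four shares.
    with tempfile.TemporaryDirectory() as d:
        files = [Path(d) / f"share{i}_canary.docx" for i in range(4)]
        for f in files:
            f.write_bytes(b"do not modify")
        baseline = build_baseline(files)
        files[0].write_bytes(b"\x00overwritten\x00")   # content replaced
        files[1].rename(str(files[1]) + ".locked")     # extension appended
        tripped = check_canaries(baseline)
        for path, reason in tripped.items():
            print(f"{Path(path).name}: {reason}")
        print(aggregate_state(len(tripped), len(baseline), 75))
```

With one canary per share, a single tripped file is a local signal; the threshold decides how many shares must be affected before the aggregate alert fires.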




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.