Windows EDR - Ransomware Canaries Improvements | Voters

Windows EDR - Ransomware Canaries Improvements

this quarter

James Mason | SE @ Huntress

Updating capabilities we use to see Ransomware, increasing telemetry pull for Ransomware attacks and add in correlation to have a better view into how, when and where an attack started from

February 21, 2025

Matthiew Morin (Huntress)

We have dramatically improved the speed and accuracy of reporting when Ransomware Canaries are tripped. Our SOC is already making use of these improvements.

Although this item has not been marked as Complete yet, you are likely already seeing the benefits of these improvements. We'll likely mark this item as Complete at the end of this month.

Bjørn Mathisen

I assume a process implicated in a ransomware detection on one machine will be identified and then shut down across all hosts?

James Mason | SE @ Huntress

marked this post as

this quarter