Ransomware Incident details

NOTE  Ransomware detection is supported on Workplace Server and Workplace Desktop for Windows and Mac 7.4 or later, but we recommend that you use the most recent versions to enjoy the best possible user experience.

The Ransomware Incident detail page provides all the information and management tools you need to handle team security incidents detected by Workplace. Here, you can review incident details, confirm or ignore the incident, generate a report, track the incident through its lifecycle, revert affected files and export relevant information about them, review the status of affected devices, and drill to the Device Detail page for each device.

This page is comprised of four sections: Incident summary, Incident details, Revert Affected Files, and Affected Devices. Some sections will be expanded or collapsed by default, depending on the current status of the incident.

IMPORTANT  This feature is designed to contain the security breach and to keep it from spreading via the sync process in the case of project files and, in the case of backup files, to provide a way to prevent backups of encrypted files and quickly revert backed up files to their last known good state. If you have a confirmed security incident, we recommend that you revert the affected files, recycle the device via Workplace, completely uninstall Workplace from the device (refer to Install or uninstall the Workplace app), scrub the device of all malware, reinstall Workplace, and restore the files from the service.

IMPORTANT  The Workplace Ransomware Detection & Management feature alerts you of ransomware attacks on both your project files and your backed up files. As a result, you may see more than one incident for the same ransomware attack. We strongly recommend that you resolve ALL incidents through this interface to help ensure the security of your device and data.

How to...