Ransomware Incident Detail

Administrators and Super Administrators

Workplace Online > Team > Security > click incident

Workplace Ransomware Detection & Management is supported on Workplace Server and Workplace Desktop for Windows and Mac versions 7.4 or later.

The Incident Detail provides all the information and management tools you need to handle team security incidents detected by Workplace"Workplace" describes the Autotask Workplace service in its entirety.. Here, you can review incident details, confirm or ignore the incident, generate a report, track the incident through its lifecycle, revert affected files and export relevant information about them, review the status of affected devices, and drill to the Device Detail page for each device.

This page is comprised of four sections: Incident Summary, Incident Details, (Revert) Affected Files, and Affected Devices. Some sections will be expanded or collapsed by default, depending on the current status of the incident.

This feature is designed to contain the security breach and to keep it from spreading via the sync process in the case of project files and, in the case of backup files, to provide a way to prevent backups of encrypted files and quickly revert backed up files to their last known-good state. If you have a confirmed security incident, we recommend that you revert the affected files, recycle the device via Workplace, completely uninstall Workplace from the device (refer to Install or Uninstall Workplace Desktop), scrub the device of all malware, reinstall Workplace, and restore the files from the service.

The Workplace Ransomware Detection & Management feature alerts you to ransomware attacks on both your project files and your backed up files. As a result, you may see more than one incident for the same ransomware attack. We strongly recommend that you resolve ALL incidents through this interface to help ensure the security of your device and data.

How to...

 

 

Forward this topic to others