Ransomware

What should you do when SysCloud detects ransomware in your account?

SysCloud’s Ransomware Protection add-on helps IT administrators detect potential ransomware threats in backup archives and take appropriate action to minimize business disruption and prevent reinfection. 

When ransomware or encrypted files are detected in your Google Workspace, Microsoft 365, or other supported apps, you’ll receive an alert under the Ransomware section of the application. 

Follow the steps below to review and take action on ransomware alerts: 

Step 1: Open the Ransomware dashboard 

  1. Log in to your SysCloud account. 
  2. On the Home screen, click on Ransomware under the Quick Links section. 

  3. You will see a summary of alerts categorized by confidence level (High, Medium, Low). 
  4. Click on the number of alerts to view the list of affected files. 


Step 2: Review affected files 

  1. You will see details of the files flagged for ransomware, including file name, app, owner, last modified date, and discovery tags. 
  2. Select the file(s) you want to take action on. 

Step 3: Take action on the flagged files 

Once you've selected the files, click on the More dropdown to access available actions: 


  • Hold
    Temporarily holds the file for investigation. This prevents accidental deletion or restoration.
  • Transfer ownership
    Allows you to transfer file ownership to another user within the same domain.
    You can also:
      • Restore ownership (if previously transferred)
      • Quarantine the file (assign it to an admin account for isolation)
  • Remove sharing
    Restrict access to the file by:
      • Removing all sharing
      • Removing only link sharing
      • Removing external domain sharing
  • Delete
    Permanently deletes the flagged file from backup archives.
  • Restore from safe snapshot
    If available, restores a clean version of the file from a previous safe backup snapshot.
  • Dismiss
    Dismisses the alert.
    You can also mark it as a false positive and add a comment (optional).

 

These actions help prevent the spread of ransomware, protect your organization’s data, and support recovery efforts.