After having had 3 clients hit with crypto viruses in the last 3 weeks (good backups, so tears minimized), I am wondering if there are any tools available that would detect multiple files written to a file server in a short time. My typical case over the last year has seen 20,000 - 60,000+ files encrypted over a few hours or a day.
Most of our users would have no valid reason to save 10+ different files every second (or even 50+ per minute) to a file server, and I would be happy to have such behavior flagged and blocked until we can check it out. Are there any tools that I can run on a Windows file server that would detect such a usage pattern? It would probably have to be able to notice multiple files saved by a single user, although in some not-so-busy cases we could probably even use something that flagged an unusually high global usage...
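The per-user rate check described in the question, sketched as an added example that is not part of the original post: it counts distinct files written by each user in sliding windows, using the 10-per-second and 50-per-minute thresholds from the post. The `timestamp,user,path` input format, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the post: 10+ different files in a second, 50+ in a minute.
LIMITS = [(timedelta(seconds=1), 10), (timedelta(minutes=1), 50)]

def parse(line):
    """Parse one 'ISO-timestamp,user,path' line (hypothetical export format)."""
    ts, user, path = line.strip().split(",", 2)
    return datetime.fromisoformat(ts), user.lower(), path.lower()

def detect_bursts(lines, limits=LIMITS):
    """Return {user: (first_alert_time, window_seconds, distinct_files)}."""
    longest = max(w for w, _ in limits)
    recent = defaultdict(deque)  # user -> (time, path) pairs inside the longest window
    alerts = {}
    for ts, user, path in sorted(parse(l) for l in lines if l.strip()):
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] >= longest:   # expire events older than the longest window
            q.popleft()
        if user in alerts:
            continue                     # report only the first breach per user
        for window, limit in limits:
            distinct = {p for t, p in q if ts - t < window}
            if len(distinct) >= limit:   # distinct paths, so re-saving one file is ignored
                alerts[user] = (ts, window.total_seconds(), len(distinct))
                break
    return alerts

def sample_events():
    """Constructed sample: a normal user, a repeated-save user, a burst writer."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    out = []
    # alice saves 5 different files, one every 2 minutes
    for i in range(5):
        out.append(f"{(base + timedelta(minutes=2 * i)).isoformat()},alice,D:\\docs\\report{i}.docx")
    # bob autosaves the same file 200 times in 20 seconds (one distinct file)
    for i in range(200):
        out.append(f"{(base + timedelta(milliseconds=100 * i)).isoformat()},bob,D:\\docs\\draft.xlsx")
    # carol rewrites 60 different files at 5 per second
    for i in range(60):
        out.append(f"{(base + timedelta(milliseconds=200 * i)).isoformat()},carol,D:\\share\\file{i}.dat")
    return out

if __name__ == "__main__":
    for user, (ts, win, n) in detect_bursts(sample_events()).items():
        print(f"ALERT {user}: {n} distinct files within {win:g}s at {ts.isoformat()}")
```

In the constructed sample only carol is flagged, and by the per-minute limit rather than the per-second one, since 5 files per second stays under the 10-per-second threshold.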