ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Unusual File Activity (Data Entropy)

Risk Factors

Large-scale file encryption can be performed without sophisticated tools, but an attacker must have valid permissions to access and encrypt files on a shared file server. This technique can help an attacker lock down access to files or obfuscate file content.

The system might change the risk score for this detection.

Kill Chain

Actions on Objective

Risk Score

78

Detection diagram
Next in Actions on Objective: Unusual File Activity (NFS)

Attack Background

After an attacker obtains a valid set of credentials to a file share, they can proceed with malicious activity that might be overlooked as normal file encryption operations. Examples of normal file encryption include file compression. Examples of malicious file encryption include ransomware malware.

Mitigation Options

Restrict file share access to only authorized IP addresses and users

Restrict file share authentication with a password

Update operating system software to the latest version to reduce the number of vulnerabilities that can be exploited

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right