Skip to content
NGBackup NGBackup Docs

Ransomware Detection

Real-time filesystem monitoring (Shannon entropy, burst-rename, suspicious extensions, altered-ratio) with nine configurable response actions — plus an Incremental Accelerator that skips the File Daemon’s full tree-walk for up to 3x faster incrementals on Linux.

Capabilities

Section titled “Capabilities”
  • Entropy & anomaly detection in real time
  • Nine configurable response actions
  • Burst-rename & suspicious-extension heuristics
  • Incremental Accelerator — up to 3x faster on Linux
  • Early warning before the attack spreads

Configure

Section titled “Configure”

Add the sentinel to a FileSet to watch a path in real time:

FileSet {
  Name = "protected"
  Include {
    Options { Plugin = "sentinel: watch=/data entropy=on actions=alert,pause" }
    File = /data
  }
}

Restore

Section titled “Restore”

See the capability page in Protect.

See also: Restore, Instant Recovery & V2V.