Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.
展开▼
