Yogeesh143
Copper Contributor
Sep 15, 2025

Ransomware query

For any ransomware detection, I need the following queries for advanced hunting in Defender:

1. Look for rapid file modification, creation or deletion
2. Rapid file encryption one
3. Look for a ransom note
4. Look for encryption algorithms
5. Look for double extension
6. Also a query for the birth time of the file

1 Reply

  • rahuljindal
    Bronze Contributor

    MDE will do that for you. If ransomware is detected, controlled folder access security settings will take care of quarantining and deleting necessary content and artefacts.
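
An added example, not written by either poster and not a Microsoft-supplied query: a starting point for items 1 and 5 of the question, using the `DeviceFileEvents` advanced hunting table to surface processes that touch many files across several folders within a short window. The lookback, the one-minute window and both thresholds are assumptions to tune per environment.

```kql
// Added example: burst of file activity per process, per device, per minute.
// All four "let" values are assumed starting points, not recommended defaults.
let lookback = 1d;
let window = 1m;
let minEvents = 200;    // file events per process within one window
let minFolders = 5;     // distinct folders touched within one window
DeviceFileEvents
| where Timestamp > ago(lookback)
| where ActionType in ("FileCreated", "FileModified", "FileRenamed", "FileDeleted")
// A rename that keeps the old name and appends a new extension
// (report.docx -> report.docx.xyz) produces the "double extension" pattern.
| extend AppendedExtension = ActionType == "FileRenamed"
    and isnotempty(PreviousFileName)
    and strlen(FileName) > strlen(PreviousFileName) + 1
    and substring(FileName, 0, strlen(PreviousFileName) + 1) == strcat(PreviousFileName, ".")
| summarize
    Events = count(),
    Created = countif(ActionType == "FileCreated"),
    Modified = countif(ActionType == "FileModified"),
    Renamed = countif(ActionType == "FileRenamed"),
    Deleted = countif(ActionType == "FileDeleted"),
    AppendedExtensionRenames = countif(AppendedExtension),
    Folders = dcount(FolderPath),
    SampleFiles = make_set(FileName, 10)
    by DeviceId, DeviceName, InitiatingProcessFileName, InitiatingProcessId,
       InitiatingProcessAccountName, bin(Timestamp, window)
// Keep only bursts that are both large and spread across folders, which
// filters out most single-directory installers and build jobs.
| where Events >= minEvents and Folders >= minFolders
| order by AppendedExtensionRenames desc, Events desc
```

Backup agents, sync clients and software deployment tools will also match; review `InitiatingProcessFileName` in the results and exclude known-good processes before turning this into a custom detection rule.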
