Forum Discussion

Yogeesh143
Copper Contributor
Sep 15, 2025

Ransomware query

For any ransomware detection, I need the following queries for advanced hunting in Defender:

1. Look for rapid file modification or creation or deletion

2. Rapid file encryption one

3. Look for a ransom note

4. Look for encryption algorithms

5. Look for double extension

6. Also query for birth time of the file

1 Reply

  • rahuljindal
    Bronze Contributor

    MDE will do that for you. If ransomware is detected, controlled folder access security settings will take care of quarantining and deleting necessary content and artefacts.
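
Added example, not part of the original thread and not Microsoft's own content: one advanced hunting query (KQL) over the `DeviceFileEvents` table that covers items 1, 3 and 5 of the question (bursts of file activity per process, ransom-note-like files dropped across many folders, and double extensions). The thresholds, extension list and note keywords are constructed assumptions to tune per environment.

```kql
// Added example. All thresholds and lists below are assumed starting points.
let lookback = 1d;
let burstWindow = 1m;
let burstThreshold = 200;   // assumed: file events per process per minute
let docExts = dynamic(["doc","docx","xls","xlsx","ppt","pptx","pdf","jpg","png","txt"]);
DeviceFileEvents
| where Timestamp > ago(lookback)
| where ActionType in ("FileCreated", "FileModified", "FileRenamed", "FileDeleted")
| extend Parts = split(tolower(FileName), ".")
| extend PartCount = array_length(Parts)
| extend LastExt = tostring(Parts[-1])
// Item 5: a document extension followed by one more extension (report.docx.xyz).
// PartCount >= 3 avoids flagging a file that is simply named "pdf.txt".
| extend DoubleExt = PartCount >= 3 and tostring(Parts[-2]) in (docExts)
// Item 3: text/HTML file whose name contains a typical note keyword (assumed list).
| extend NoteLike = LastExt in ("txt", "html", "hta")
    and FileName matches regex @"(?i)(decrypt|recover|restore|readme|ransom)"
| summarize
    Events = count(),
    Created = countif(ActionType == "FileCreated"),
    Modified = countif(ActionType == "FileModified"),
    Renamed = countif(ActionType == "FileRenamed"),
    Deleted = countif(ActionType == "FileDeleted"),
    DoubleExtFiles = countif(DoubleExt),
    // The same note written into many folders is the signal, so count folders.
    NoteFolders = dcountif(FolderPath, NoteLike),
    Folders = dcount(FolderPath),
    SampleFiles = make_set(FileName, 5)
    by DeviceId, DeviceName, InitiatingProcessFileName, InitiatingProcessId,
       bin(Timestamp, burstWindow)
// Item 1: keep only one-minute buckets that look like a burst.
| where Events >= burstThreshold or DoubleExtFiles >= 20 or NoteFolders >= 5
| order by Events desc
```

Backup agents, sync clients and build tools also produce bursts, so review `InitiatingProcessFileName` in the results and exclude known-good processes before turning this into a custom detection rule.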