Close this search box.

Interrupt and Track Ransomware Attacks

Northern offers a valuable layer in your Ransomware protection strategy.


Through the capabilities of Northern’s Software Solution (NSS), customers are able to interrupt attacks by blocking the creation of files with associated file types, get alerts when attempts to save these types are blocked, and view information about past attempted attacks in a dashboard.

This solution offers a potent layer of protection in the fight against Ransomware attacks. When coupled together with additional approaches and tools, your company can establish a robust and resistant defence against this type of criminality.

Northern Solution

Northern’s software is capable of blocking the saving of specific file types (file extensions), logging and alerting when these policies are triggered, and providing information about these activities in management dashboards.

The configuration of the software is straightforward, and is performed using pre-configured packages and Northern’s PowerShell Toolkit. After configuration, the list of file extensions to be blocked must be maintained by the customer; a regular process of reviewing and updating the list of blocked extensions should be implemented to keep pace with the changing threat. The list of blocked extensions is best maintained by creating simple extension lists and utilizing functions of the PowerShell Toolkit to import them.

Once implemented, the solution will:

  • Continuously monitor for, and block, attempted saves of prohibited file types.
  • Send alerts to the threat response team with information about the attempted attack (file extension blocked, account used, etc.).
  • Provide regularly updated dashboards that allow for patterns to be identified, and show the effectiveness of the work being done.

Blocking Attempted Attacks

For the target platforms that offer the necessary interface (see Requirements below) NSS can be configured to block the creation of files according to their extension – File Block policies. This capability is being used to prevent Ransomware from encrypting and saving files with a new file extension; the Ransomware is paralysed as its attempts to save encrypted versions of your users’ data are denied.

By implementing a regular process of updating NSS’ configuration, through the user interface or the Northern PowerShell Toolkit, customers are able to continuously maintain policies as the Ransomware threat changes – adding new file extensions to block new Ransomware types. Ransomware that uses a random extension, retains a file’s original extension, or uses an extension that is not currently configured to be blocked, will not be detected.

Alert When Attacks are Blocked

Normally, the software is configured to send an email to the the threat response team within two minutes of the File Block policies being triggered. (This interval can be shortened or lengthened.) These alerts provide information to guide their response, such as the account(s) that were used to attempt these writes, the number of attempted writes, and the file extensions that were blocked.

NSS leverages the audit trail that it maintains about File Block activity to populate these alerts. One controlling factor in the content of this log, and therefore the content of alerts, is the information that the target platform is able to deliver. Northern’s Professional Services team will be able guide you in determining what information can be included in your alerts.

Example of a simple email notification delivered by this solution:

Management Dashboards

It is important to be able to both block attacks, and gather data about the attacks that have been blocked. This information is vital if patterns are to be found, so that long-lasting solutions can be implemented, and it enables the security team to monitor the effectiveness of the processes put in place and report that effectiveness to relevant stakeholders.

Northern’s self-service, and fully role-based-access compliant interface can be configured to display both overview and detailed information about activities of the File Block policies put in place. This configuration is achieved, very simply, by importing pre-configured settings.

Summary information in a default dashboard:
Detailed information in a default dashboard:
The table below shows the tasks involved in implementing this Northern solution, the time required, and who is responsible to perform each task*:
1Import configuration settings and describe workflows2 hoursNorthern
2Edit/confirm Northern’s default list of extensions to block1 hourCustomer
3Run PowerShell Toolkit commands0.5 hoursNorthern
4Maintain list of extensions to block as threats develop1 hour per reviewCustomer
* The exact list of tasks involved, and the time required for each, will depend on a customer’s specific circumstances. Contact Northern’s Professional Services team for information about what woould be necessary in your organization.

Ransomware protection can only be achieved by establishing multiple layers of security, process, and awareness. Northern offers one of these layers – a software solution that interrupts, alerts on, and tracks attempted attacks over time. 

If you are already a Northern customer, and you are using the software for both quota functionality and file system analysis, then there is no need to prepare new application infrastructure or prepare new application IDs.

There are no requirements to change the current IT infrastructure. You should not need to seek advanced approval, or complete a detailed Change Control process. This is a straightforward, no-nonsense way to improve Ransomware protection for your organization.

NSS DeployedVersion 9.91 or later
SQL DatabaseSQL Server 2012 or later
NSS Solution Area(s)Centralized File Service Management (CFSM)
Supported PlatformsNetApp CDOT, NetApp 7-Mode, NetApp Cloud Volumes ONTAP, Dell EMC PowerStore/Unity/VNX, and Hitachi Vantara HNAS

More of what we deliver

Reduce risk

Security breaches, cyber-crime and data privacy regulation – your organization’s data will inevitably contain sensitive information.

Reduce cost

Storing your organization’s data is costly, especially when considering all expenses associated with housing the data.

Increase efficiency

Efficiency of those owning and being dependent of the data decreases as it becomes increasingly chaotic.

Corporate responsibility

Pressure mounts on all organizations to take more social responsibility – IT services, internal or external, need to incorporate capabilities facilitating CSR.
Northern Parklife icon

Get started

If you wish to start using NSS to interrupt and track Ransomware attacks please contact your Account Manager, or the Professional Services team, to schedule the first action: import configuration settings and describe workflows.

Contact Us