EMERGENCY MODE ACTIVE
Network isolation enforced · Writes suspended on 2 endpoints · Vault locked since 09:15:02
3
Active Alerts
↑ 2 last hour
2
Affected Endpoints
FIN-047, OPS-012
1,240
Affected Files
across 2 endpoints
1,180
Clean Versions Locked
air-gap vault
97%
Recovery Confidence
vault verified
2
Incidents Created
INC-001 / 002
Active
Emergency Mode
since 09:15:02
Detection Rules
3 of 7 triggeredMass File Rename
>500 files renamed in <60s
842 files affected
Bulk Extension Change
Extension swap to unknown type
398 files affected
Rapid File Modification
>200 writes/min sustained
Mass Deletion
Volume shadow copy removal
Encryption Pattern
Entropy spike on write ops
12 files affected
Unknown Process Activity
Unsigned binary file ops
After-Hours Anomaly
High I/O outside business hours
Active Alerts
3 OPEN| Time | Endpoint | User | Department | Detection Type | Files | Severity | Last Clean | Action | Status | |
|---|---|---|---|---|---|---|---|---|---|---|
| 09:14:33 | WKSTN-FIN-047 | jmorgan | Finance | Mass File Rename | 842 | Critical | Jun 30, 09:00 | Restore & Isolate | Active | |
| 09:18:07 | WKSTN-OPS-012 | akovacs | Operations | Bulk Extension Change | 398 | Critical | Jun 30, 09:05 | Restore & Isolate | Investigating | |
| 09:22:51 | WKSTN-FIN-047 | jmorgan | Finance | Suspicious Encryption Pattern | — | High | Jun 30, 09:00 | Monitor & Alert | Investigating |
Incident Timeline
INC-2024-001Unusual rename pattern detected on WKSTN-FIN-047
842 files renamed with unknown extension .enc3x
Ransomware detection rule triggered — INC-2024-001 opened
1,180 clean versions immutably sealed in air-gap vault
Network isolation initiated, all writes suspended on endpoint
97% confidence — restore point Jun 30 09:00 ready for deployment
Vault Recovery Status
Air-gap · 3 geo replicas
Clean Versions Locked
1,180
Restore Point
09:00 UTC
Vault Region
US-East / EU
Last Verified
09:14:41