Blocking Malicious Users

Users that you suspect of triggering ransomware attacks can be blocked by adding them to a Blocked Users group. Blocked users are prevented from accessing the edge filer by all authenticated protocols, including SMB, NFSv4, FTP, and the edge filer user interface.

Users can be blocked automatically or manually. Users that trigger a ransomware incident can be automatically added to the Blocked Users group.

Note

When users are added to the Blocked Users group, their existing SMB sessions are immediately closed. Existing connections via other protocols are not immediately terminated, but the user is not able to create a new session.

To block users automatically:

  1. In the Configuration view, select Security > Ransom Protect in the navigation pane.
    The Ransom Protect page is displayed.
  2. Click Settings.
    The Ransom Protect Settings window is displayed.
  3. Check Ransomware Mitigation.
  4. Click Save.

Any incident that CTERA Ransom Protect identifies as a ransomware attack causes the user who initiated the incident to automatically be added to the Blocked Users group.

Note

CTERA recommends blocking the user in Active Directory as well.

To block users manually:

  1. In the Configuration view, select Security > Ransom Protect in the navigation pane.
    The Ransom Protect page is displayed.
  2. Click the number below Blocked Users.
    The Specify Group Name window is displayed.
  3. Click Next.
    The Select Group Members window is displayed.
  4. Select the user to block.
    1. Select Local Users, Domain domainName Users, or Domain domainName Groups.
    2. In the Quick Search box, start entering the name of the user or group to block, or click ... and select the user from the list.
  5. Click Next.
    The Wizard Completed window is displayed.
  6. Click Finish.

The user is blocked from access to the edge filer.

Removing Users From the Blocked Users Group

A user who has been blocked from accessing the edge filer can be unblocked.

To remove a user from the Blocked Users group:

  1. In the Configuration view, select Security > Ransom Protect in the navigation pane.
    The Ransom Protect page is displayed.
  2. Click the number below Blocked Users.
    The Specify Group Name window is displayed.
  3. Click Next.
    The Select Group Members window is displayed.
  4. Select Local Users, Domain domainName Users, or Domain domainName Groups and click the icon next to the user to remove that user from the list.

The user is removed from the Blocked Users list.
