The alerts for ransomware threat detection warn about unusual behavior in the storage
system. Sometimes the activities that trigger an alert are intentional, such as activities that are
part of routine configuration.
About this task
When you receive an alert for ransomware threat detection, contact the system administrators so
that they can determine whether it is a false positive or what the appropriate recovery
procedure is.
Procedure
If an alert is identified as a false positive, complete the following steps to
acknowledge it.
- In the modern UI: Click Alerts in the top menu bar, and
then click Potential Ransomware Detected in the Alert name column. The
alert details panel opens. Click Acknowledge in the alert details
pane.
You can acknowledge ransomware threat detection alerts only
through the modern UI in the free version of IBM Storage
Insights because the classic UI does not support
ransomware threat detection. In the Pro version, ransomware threat detection is supported in both
the classic and modern UIs.
- In the classic UI (from the alerts details page)
  - From the storage systems details page, click Alerts in the General section.
  - Right-click the desired volume or volume group that displays the alert name as
    Ransomware threat detected. Click Acknowledge Alerts.
- In the classic UI (from the volumes or volume groups details page)
  - From the storage systems details page, click Volumes or Volume Groups in the
    Internal Resources section.
  - Right-click the desired volume or volume group that displays the status as
    Ransomware threat detected. Click Mark Status as Acknowledged.
Results
When false positives are acknowledged, the severity of the alert changes from
Critical to Critical - Acknowledged. Also, the status
of the volume or volume groups changes from Online (Threat Detected) to
Online (Threat Detected, Acknowledged).
Note: An alert for potential ransomware threats is not cleared with subsequent probes unless it is
acknowledged.