Prevent Ransomware with Microsoft File Server Resource Manager

Microsoft servers (Starting from 2008 I think), Have a role called File Server Resource Manager (FSRM).

You can install this node under "File Server" from "Server Manager".

The intention is that you create a file group with all known extensions of ransomware and then create a rule to screen all files on a server and block any attempt for file creation/modification with the extensions defined in your file group.

What this means is that all files on your server are protected by this policy meaning that they cannot be encrypted from a PC.

This does not protect PCs getting encrypted.

Other cool features you can do is use the script to lock out the AD account and email administrators when the event occurs.

For more info, see here: