Due to age and trying to prevent this topic from becoming stale, im recreating this post: https://feedback.huntress.com/ransomware-canaries/p/ransomware-canaries-ability-to-put-deploy-canaries-to-network-drives-custom-loca This needs to be implemented as soon as possible. Not monitoring all system drives is a huge blind spot and I'm baffled this has not been implemented yet. One of our clients were recently hit with ransomware and the attackers went after the data drives first. It's common for a large majority of critical data to be stored on a separate data drive on a server and then shared out to the network. I don't think we need to specifically add "Network share ransomware canaries." I think we'd be fine just making sure each system has canaries distributed to all local system drives. For NAS, maybe we can assign one server/device on the network to watch the canaries. You guys are awesome, but I feel this is a critical oversight/blindspot.. especially considering this is exactly what we just saw in the wild. Would appreciate any and all attention you can give to this post so we can get this implement and on the roadmap.
