Stop Remote Ransomware Attacks with Falcon Endpoint Security
CrowdStrike, Monday, July 14th, 2025
Ransomware is evolving fast - and remote encryption attacks outpace legacy defenses. CrowdStrike Falcon Prevent includes File System Containment, a feature that automatically blocks ransomware at the file access level, even when the attack originates from unmanaged systems
Ransomware is a rapidly evolving threat, with attackers increasingly turning to remote techniques that target network shares. To help defend against these tactics, CrowdStrike Falcon Prevent endpoint security includes a capability called File System Containment, which is precision-focused to block malicious file system actions over Windows Server Message Block (SMB) shares, halting encryption as soon as possible.
Threat actors commonly abuse the SMB protocol to encrypt and exfiltrate data across network shares, bypassing traditional protections. These attacks often originate from unmanaged systems or involve compromised credentials, allowing adversaries to move laterally, encrypt sensitive data, and disrupt business operations without executing malicious code directly on a target device.