An organization uses an EDR solution and wants to detect ransomware that encrypts files and then deletes volume shadow copies. Which EDR detection technique would be most effective for this behavior?
Behavioral detection identifies the pattern of file modifications and shadow copy deletion.
Why this answer
Behavioral detection monitors runtime behavior like file encryption and shadow copy deletion, which are indicative of ransomware.