Ransomware Canaries

If you're a computer user that's found a strange-looking file on your system guiding you to this page, you're in the right place! 

If you're a Huntress partner, or just a curious party, looking for the technical details about our ransomware canary feature, please read the more detailed article here. For a non-technical explanation about the canary file itself, continue reading. 

The file you found that led you here is called a ransomware canary. It's provided by a service called Huntress that was put in place by a Managed Service Provider or your IT Department. Similar to how miners used canaries in the coal mines to detect harmful gasses like carbon monoxide, Huntress uses these files to detect a harmful type of computer virus called ransomware. If this file is changed, moved, or deleted, it will trigger an alert to the Huntress service, and by proxy your IT professionals, notifying them of the possibility of a ransomware outbreak. It's important that you do not modify the files or their location in any way. They are typically hidden, take up very little storage space, and not harmful in any way. They are small examples of common file types, such as documents or images. 

As a reference, the file should look similar to the one below. The logo or colors may differ, but this is the basic format: 


If you're an end-user (and not a managed service provider or IT department employee), it's best to reach out to who handles the IT at your organization if you'd like more information. If you feel the file shouldn't belong on your computer or is there without permission, please submit the file to our support department using the contact link at the top of the page. Be sure to include any details you can provide, and we'd be happy to assist you. 

Need to open a ticket with us? Contact Us Contact Us

Still need help? Contact Us Contact Us