Ransomware started as simple encryption but it now involves stealing data too (exfiltration being the buzzword). I am suggesting that Peplink use data already collected by their routers to create new reports on high bandwidth usage. Unusually high outbound bandwidth may indicate a ransomware problem.
There are already 24 hourly bandwidth reports with details on each router client for the hour. Knowing which hour had the most bandwidth is of limited value. But, if the router could scan through the hourly reports and make a new report of the top ten clients using bandwidth in any recent hour, that, to me, would be more useful.
I could live with just outbound bandwidth (looking for ransomware) but others may disagree.
And, if the report could include the user-friendly name for a router client it would be much more user-friendly Relating MAC addresses to user-friendly names is a pain point with the existing bandwidth usage reports.
A review of the Daily data should (I assume) also be easy to do. I am not sure how far back to go, but a new report showing the router clients with the most uploaded and downloaded data per day can be helpful. In both cases, there is very little data that needs to be sifted through.
Eventually, I would like to see alarms of some type for excessive bandwidth usage, but these would be first steps.