Check if the audit log is turned on to detect a Ransomware attack.
Use the Office 365 Security & Compliance Center to turn on audit log search.
1. In the Security & Compliance Center, go to Search > Audit log search. You’ll see a banner telling you that auditing has to be turned on to record user and admin activity.
2. Click Turn on auditing.
The banner is updated and after 24 hours auditing is activated, so it will be possible to detect Ransomware attacks.