Many ransomware strains such as WannaCry, already have the ability to remove both system restore points and your Windows backups altogether.
Rather worryingly, experts also suggest that ransomware is expected to increasingly target backup files in the future.
With that in mind, we’re particularly excited to see BackupAssist v10.1.0 go live today, as it includes CryptoSafeGuard, a free feature designed to tackle these problems head on.
The ‘infection magnification’ problem
The problem of ransomware is amplified in a business environment because it only takes one infection for the entire network to be affected.
Any files corrupted on your local machine can spread to other users via cloud sync/file sharing apps such as Dropbox, Google Drive, OneDrive, etc.
It’s true that ‘air-gapped’ backups are still good practice, however, it’s not difficult to see how even these aren’t a guarantee of protection.
The biggest problem we see is due to the size of an “incremental” backup after all of your documents have been encrypted. What’s the likelihood your backup software will need to push out historical backups to make way for infected ones without you being any the wiser?
Also, consider if your backup strategy consists of a single mirror copy of the files. What happens if a backup runs after your files are encrypted?
CryptoSafeGuard is a proprietary technology that helps protect your backups so that your business can be recovered even after an attack.
The feature is designed to do four important jobs:
- Actively protect your backups from being encrypted by ransomware
- Detect possible infections before running backups
- Stop backups from running to avoid compromising backups
- Alert you via email and SMS so you can take further action
Above: Access settings via BackupAssist’s ‘backup’ tab
CryptoSafeGuard executes a detection scan before running each backup, using a combination of complementary scan algorithms and signature based checks to detect infection.
It scans the system, and the specific backup job’s selections, using a hierarchical approach so that the slower in-depth checks only happen on the smallest number of files possible.
The diagram below shows at super high-level basic detail, what the process looks like.
If an infection is detected, immediate action is taken:
- Sets BackupAssist UI status to “blocked”
- Stops the backup, sends usual backup error notifications (if configured)
- Sends SMS notification if configured – recommended!
- Stops further backups from running
When a backup is executed, CryptoSafeGuard initiates write locking on each specific backup job’s backup location (path).
The CryptoSafeGuard protector prevents unauthorized processes on the BackupAssist machine from writing to the backup.
It does not prevent other machines from writing to the backup – CryptoSafeGuard is not a replacement for good security practices
The protection means that only BackupAssist processes can create, modify, or delete files at the backup location.
How it differs from traditional antivirus and anti-malware solutions
Apologies for the school teacher red, but it’s important to note that CryptoSafeGuard is not a replacement for your traditional antivirus and anti-malware applications – it’s to be treated as a last line of defence only.
|Anti-virus and anti-malware||BackupAssist + CryptoSafeGuard|
|Focused on detecting viruses and threats, and cleaning up infections.||Focused on providing and protecting a time machine to go back in time and restore data before the infection.|
|Like a bouncer at a night club – trying to stop threats from getting in, and cleaning up (evicting) any threats that managed to sneak in.
|Protection against damage caused by threats that have managed to infiltrate and circumvent the perimeter security. “Undo” the damage caused.
INSURANCE POLICY IN A SECURE VAULT
Download v10.1.0 now
CryptoSafeGuard is available right now and is completely free if you have a BackupAssist licence with valid upgrade protection. We highly recommend you download and upgrade without delay to take advantage of this great feature.
Expired license? Not sure on the status?
If your cover has expired or you’re just not sure either way, simply enter your key into the upgrades checker on our site for a price to bring your installation fully up to date and to reinstate your free technical support.