Windows data protection specialist BackupAssist is the latest vendor to provide a capability that helps combat ransomware.
The Australia-based company recently launched CryptoSafeGuard, part of its BackupAssist data protection software for SMBs. The application includes CryptoSafeGuard Detector and CryptoSafeGuard Protector for the ransomware backup strategy.
The technology works with existing anti-malware software.
“We are an added layer to anti-malware,” said Linus Chang, CEO of BackupAssist. “We don’t replace it. We complement it. This protects the on-premises backup. We inspect data and file names and see the changes from ransomware attacks. After we detect something, we go in lockdown mode and preserve the clean backup. Then we alert the administrator.”
Ransomware is malware that holds customers’ data hostage for an extortion fee. It is among the greatest security threats to businesses, and backup has been a key ransomware protection tool. But the viruses are adapting to traditional backup processes.
CryptoSafeGuard scans source files for suspicious activity that can be related to ransomware, then sends alerts via text message or email and blocks backup jobs from continuing to run. As part of the ransomware backup strategy, all backup jobs remain blocked until the alert has been resolved.
The CryptoSafeGuard Protector layer switches on when the backup job starts to run. It operates at the driver level to monitor existing backups and prevents suspicious processes from infecting them, so that only BackupAssist can create, delete or update data in backups. The CryptoSafeGuard Detector does a “hierarchical threat scan” when a backup job begins to ensure the backed-up data is clean, and blocks backup jobs if an infection is detected. This prevents the infection from spreading to backup data.
The new function is available with BackupAssist 10.1 for local file systems and basic partitioned volumes in Microsoft Hyper-V environments. Dynamic partitioned volumes, such as striping and spanning, are not scanned. Neither is Microsoft SQL Server.
‘Reliable way to get back to a known good copy’
Michael Osterman, president of Osterman Research, Inc., said BackupAssist is using snapshot technology to roll back to a good backup copy as part of the vendor’s ransomware backup strategy.
“Except in rare cases, there is no true recovery from ransomware,” Osterman said. “This is a very reliable way to get back to a known good copy. This is a second-best way to protect against ransomware. The primary way is to prevent it in the first place.”
Chang said some of the ransomware attacks in Australia have targeted the servers and the backup software on the systems. Small businesses have also been hit with ransomware attacks. Just several months ago, a small automotive company had to pay $8,000 to get its data back because its backups were destroyed. Another small company was hit via its Dropbox cloud file-sharing software, and that affected other people connected to the file-sharing application.
“One of his clients received a doggie email,” Chang said. “They clicked on the email and it infected their computer. He was coaching eight different businesses and everyone else got corrupted.”