You may have heard about BackupAssist’s new ransomware-protection feature, CryptoSafeGuard. Here’s how toÂ get it and set it up to protect your backups.
What is CryptoSafeGuard?Â A Quick Summary.
CryptoSafeGuard consists of two distinct components that protect your backups from ransomware.
- The CryptoSafeGuard Detector, which prevents infected files from being backed up.
- The CryptoSafeGuard Shield, which protects your existing backups from ransomware.
This article looks at how to set up CryptoSafeGuard so that you get the best results from these two components.
CryptoSafeGuard is available for all BackupAssist users who have BackupAssist 10.1 or later and an active BackupCare subscription.
The next thing toÂ do is check that you have CryptoSafeGuard is enabled.
To check and enable CryptoSafeGuard:
- Open BackupAssist.
- Select the SettingsÂ tab.
- SelectÂ CryptoSafeGuard.
- Check that there is a tick by Enable CryptoSafeGuard protection. Tick the box if it is not ticked.
NOTE: If the tick box is greyed out, it means that you do not have an active BackupCare subscription.
CryptoSafeGuard will show as enabled on your Backup tabâ€™s Home screen (As shown below).
CryptoSafeGuard will also show as enabled in your backup reports.
Setting up notifications
With CryptoSafeGuard added and enabled, you now need to enable SMS notifications. These notifications send an alert to a mobile number ifÂ CryptoSafeGuard detects a possible ransomware infection. Set up SMS notifications inÂ the same dialog used to enable CryptoSafeGuard. As you can see in the Settings screen shot above, all you need to do is enter the phone number into the field provided.
Type the phone number in the SMS Number field using the standard international phone number format â€ś+<country code><mobile phone number>â€ť.Â The SMS test button will become active once a phone number has been entered in the correct format.
Click Test and a test message will be sent to that phone.
Securing your backup destination
The CryptoSafeGuard Shield protects your backups from ransomware by only allowing BackupAssist to create, delete or update data in your backups. This means if the BackupAssist machine is infected, the ransomware cannot corrupt or delete backups. However, if your backups are on a NAS or network share, you need to ensure that all other computers cannot access your backup destination, as they could potentially spread an infection to it.
Important: Only your BackupAssist computer should have access to the folder containing your backups.
To ensure that this is the case, you should use Windows permissions to restrict access to the folder containing your backups. Ideally, only the Backup User Identity (the Windows account used to run your BackupAssist) should be able to access your backups. So take the time to check that only machines running BackupAssist and CryptoSafeGuard have access to the folders that the backups are in, and those folders only allow access to the Backup User Identity.
Test CryptoSafeGuard with your backup jobs
CryptoSafeGuard runs when each backup job starts and checks the files you’re backing up to see if they exhibit characteristics commonly associated with files encrypted by ransomware. For example, mangled file names or malformed files. It also checks for the mathematical properties of encrypted files. The process errs on the side of caution, so CryptoSafeGuard may raise alerts for files that are not infected.
This is more likely to occur the first time you run a backup job with CryptoSafeGuard. For this reason, you should do a test run of the backup jobs to see if any safe files are flagged by CryptoSafeGuard – so you can whitelist them. If CryptoSafeGuard flags a file that is not infected during its normally scheduled run, it will block all backup jobs from running and send a notification.
See our CryptoSafeGuard guide to learn how to review and whitelist files.
CryptoSafeGuard detects signs of a ransomware infection and protects your backups from being impacted by a ransomware infection. It does not protect the actual system from ransomware, or remove ransomware. If a machineâ€™s files have been encrypted by ransomware, that machine will usually need to be recovered from a backup, which is why CryptoSafeGuard is such a valuable feature.
To make sure CryptoSafeGuard and your backups continue to function as intended, remember to check your backup reports, test your disaster recovery plan and run test restores and recoveries.