How you can protect backups from ransomware.
Your backups are your last line of defense. But they’re useless if corrupted or infected by ransomware. Don't let the criminals outplay you.
CryptoSafeGuard is the piece that's missing from other systems, guarding the integrity of your backups. Bundled free with every BackupCare subscription, CryptoSafeGuard works 24/7 to shield, detect, alert and protect your backups from ransomware. With a solid defense, you should never be a victim or pay a ransom.
What's in it for you
A parachute with holes is of no use. Neither is a backup corrupted by ransomware. CryptoSafeGuard runs to protect your backups from ransomware, ensuring you can depend on your backups when the unfortunate occurs.
How it works
CryptoSafeGuard uses a two-pronged approach to mitigate the destructive effects of ransomware and protect your backups.
Defense #1: The Shield
The Shield restricts based on process, which is a more effective method to preserve the integrity of your backups.
Independent Security Analysis
Defense #2: Detect – Preserve – Alert
Finally, system administrators can regain control in the event of a ransomware outbreak.
Manage your ransomware protection
Configure SMS alerts
Run a manual scan
Be protected if infection strikes
Whitelist safe files
In its first 24 months, CryptoSafeGuard sent over 5,500 text messages (SMS), alerting administrators of suspicious activity. It even detected previous ransomware incidents that were not fully cleaned up.
Frequently Asked Questions
Unfortunately, ransomware can infect and corrupt your backups. There are two essential problems:
- The entire backup can be corrupted by ransomware, which tries to delete or encrypt your backup.
- If you suffer an infection, encrypted files can sneak into your backup, if left unchecked.
A full description of the problem is provided in our blog post: https://www.backupassist.com/blog/can-ransomware-infect-your-backup
Therefore it is important to protect your backups from ransomware. You can do that easily in the BackupAssist solution in two ways:
- Take your backup offline. For example, if you back up to rotating hard drives, the hard drives that you disconnect from the server cannot be corrupted because they are not physically connected to the machine.
- For all online backups, CryptoSafeGuard will protect them from ransomware as we explain above.
Yes, it blocks unauthorized forms of access, such as a malicious user deleting or otherwise attempting to overwrite or alter the backup files.
No. CryptoSafeGuard is exclusive to BackupAssist products.
Even if you air gap your backups, we still recommend running CryptoSafeGuard. A normal hard drive rotation scheme will still expose a backup to possible ransomware corruption when it is connected to the computer. Therefore, CryptoSafeGuard will reduce your potential data loss from the time of your 2nd last backup to your last backup.
The second benefit of CryptoSafeGuard is the Detector. This will prevent encrypted files from sneaking into your backup, while also giving control back to the administrator by alerting about the suspicious activity.
The goal of CryptoSafeGuard is to provide the best security possible within the context of an SME backup solution. It does a remarkable job at shielding backups from ransomware, and has been independently verified by a leading security testing firm.
That being said, the general consensus among security experts is that any attacker, sufficiently well funded and motivated, is exceptionally difficult to defend against. By way of example, nation state hacking is a problem that is almost impossible to address. CryptoSafeGuard is designed to protect against ransomware, not necessarily teams of sophisticated hackers. However, these should not be the concerns of the average SME!
As mentioned previously, taking the backup offline (completely disconnected from a running machine) or writing it to write-once media are the only 100% sure ways of ensuring that the backup will not be destroyed via electronic sabotage.
Realistically, no security vendor – including anti-virus and anti-malware vendors – can guarantee 100% security, 100% of the time. Security is an ongoing pursuit as what is considered safe today may not be considered safe tomorrow.
You may have heard that malware is continually evolving, and detection products have a hard time keeping up. Therefore, is CryptoSafeGuard going to provide good protection in the future
CryptoSafeGuard is considerably more future-proof than say signature-based virus scanners. The reason why is because CryptoSafeGuard does not look for the ransomware itself like a conventional anti-virus or anti-malware product. Instead, it looks for the signs of ransomware damage – and these signs are universal (i.e. sabotaging and encrypting your data). This is like looking for damaged buildings instead of looking for the hurricane itself.
Therefore, CryptoSafeGuard is not tied down to any particular strain of ransomware. So unlike virus definitions that will automatically be ineffective against new viruses, CryptoSafeGuard will function against future ransomware strains as they generally behave in similar ways.
That being said, we are continually updating the algorithms behind CryptoSafeGuard. That’s why it’s a good idea to keep your BackupCare up to date.
Just as a hurricane leaves identifiable signs of destruction, so too does ransomware.
The role of CryptoSafeGuard is to protect against the threat in the most generic way possible.
CryptoSafeGuard’s detector looks at patterns of behaviour. We have multiple techniques for detecting suspicious behaviour, and if anomalies are found, the detector will progressively scan further to more accurately assess and diagnose the issue. While we do not publish our exact methods, at a broad level, things that our detector looks for include:
- Changes to the file and directory structure
- Deep content inspection
- Ransom messages
The only way to get CryptoSafeGuard is to have a valid subscription to BackupCare, our assurance program for BackupAssist.