BackupAssist CryptoSafeGuard

CryptoSafeGuard is a BackupAssist tool that protects backups from ransomware attack and prevents ransomware-encrypted files from being backed up. CryptoSafeGuard is available for BackupAssist 10.1 (or newer) users with valid BackupCare.

What is ransomware?

Ransomware is malware that encrypts files and demands payment to provide the decryption key so you can access those files again. Some ransomware can spread across connected machines and some can disable your system completely, so infected machines will often need to be recovered from a backup. It is therefore important that your backups are not infected, which is why CryptoSafeGuard is such an invaluable feature.

What does CryptoSafeGuard do?

To protect your systems against ransomware attacks, it’s critical that you have reliable backups so you can restore data or recover your entire system to ensure business continuity. However, when ransomware attacks your systems, it can also infect your backups, leaving them unusable. CryptoSafeGuard protects your backups from ransomware using two important features: the CryptoSafeGuard Detector and the CryptoSafeGuard Protector.

Running CryptoSafeGuard

Each job’s first CryptoSafeGuard scan may take some time depending on the amount of data being backed up. Subsequent CryptoSafeGuard scans will be a lot faster and have minimal impact on the backup jobs’ run times. The first scan may also detect a number of files for review, and whitelisting.

CryptoSafeGuard alerts

When a backup job’s CryptoSafeGuard scan believes there may be ransomware, an alert will show next to the job in the Monitor UI and a red banner will appear at the top of BackupAssist’s UI. If you have configured email and SMS notifications, an email and SMS alert will also be sent. BackupAssist’s alert banner is clickable and has a help link to the CryptoSafeGuard documentation.

Responding to a CryptoSafeGuard alert

When a possible ransomware infection is detected, all backup jobs will be blocked from running until the CryptoSafeGuard alert has been resolved. If you are not aware of a ransomware infection, BackupAssist will allow your IT systems administrator to review the suspected files. Safe files can be whitelisted.

Managing the whitelist

If you respond to a CryptoSafeGuard alert by whitelisting files, you can review and change your whitelist using the Manage Whitelist section of the CryptoSafeGuard Settings dialog. You can also use this dialog to add to your whitelist without an alert, but it is recommended that you use the alert list to inform your whitelisting decisions.

CryptoSafeGuard’s current limitations

SQL Protection jobs do not currently run with CryptoSafeGuard detection. For Hyper-V guests, only locally supported file systems and basic partitioned volumes are scanned.