Early Warnings Key to Recovery in Ransomware Attacks: Introducing Anomaly Detection

While our enterprise cloud backup solution continues to help companies defeat ransomware, we’re excited to strengthen our platform with a new anomaly detection feature that will alert users and admins that something unusual is happening on their machines before the ransom is initiated.

It’s an early warning system that enables companies to quickly isolate a ransomware infection and recover important data before the entire network is frozen.  Since ransomware slowly infects files over a period time, many IT admins are unaware that their company is infected until it’s too late. Anomaly detection ensures you’ll never be caught off guard.

How does anomaly detection work?

The Infrascale cloud backup platform makes it easy to automate a regular backup schedule.  We recommend every hour for end-users and daily for servers.

With each backup, we record and report the total number of files and data size that are:

  • In the current backup set
  • Newly created on the machine
  • Changed and backed up as new versions
  • Unchanged
  • Unable to be backed up

The figures above keep a fairly tight average over time, and only significant changes to the environment will yield figures far beyond the typical averages—new drives, migrated files, deleted files, malware or ransomware.

Although various Ransomware strains operate differently, we can count on two consistent and major behaviors:

  1. Affected files are renamed, registering as ‘new files’ when a backup runs.
  2. Affected files are modified with the encryption software, registering as ‘changed files’ when a backup runs.

By tracking the backup trends for your devices and reporting the event details, Infrascale provides an anomaly warning that lets you know when your ‘new’ or ‘changed’ file count jumps off the chart. You can watch the how-to video here:


Why is my anti-virus and anti-malware software not good enough?

Anti-virus (AV) works like a door-man enforcing a no-entry list at a party. There is a constant stream of new members to this no-entry list. This means that even if the list is updated regularly, the list is always out of date (and let’s be honest we’ve all figured out a way to slip behind the velvet rope). Sometimes, the bouncer asks the host whether or not someone should come in or not and that requires that the host be trained to make such a decision for this to be a reliable prevention.

Anti-malware (AM) is your security inside the event. In addition to the no-entry list, they’re trained to use behavioral monitoring as a means to bounce guests who don’t belong.  Again, the problem is that someone always manages to make it past security into the VIP area.

While these solutions are necessary, they don’t help you when something goes wrong.

Ransomware protection power couple: cloud backup + anomaly detection

The status quo for ransomware defense has been email security, anti-virus and anti-malware software, but more companies continue to discover that this isn’t enough.  The reality is that employees will accidentally click on phishing emails, software will not be updated, and attacks will get more sophisticated.

The only way to truly protect your company from data loss (and not pay a ransom) is to be able to:

  • Get early warning alerts from your backup system so you can stop the activation and contain the spread of Ransomware.
  • Recover data when something bad happens: malware, hardware failure, accidental deletion, natural disasters or human error. Your backups will be your final option to avoid paying costly ransomware to protect your data.
  • Have unlimited file versioning so you can restore from a good backup.

The best part is that you can test-drive all of this with our free 60 day cloud backup trial, which includes:

  • Complete Environment Protection: Servers, PCs, Macs, and mobile devices
  • Anomaly Detection
  • Unlimited Archiving: Restore critical files from a clean backup with unlimited version history and archiving.
  • Fast & Automatic Backups: Automate backups and alerts through web-based dashboard
  • Easy Testing: Run a test recovery to ensure important files are there
  • 24/7 support: 24×7 free US-based phone support
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.