Luca Sasdelli
Mar 19, 2015 11:32:51 AM

Ransomware protection

Files encrypted by current ransomware are easy to keep separate from uninfected ones, because of their renaming (an ".encrypted" extension is added after the file name), so if an automatic backup is scheduled, the encrypted files would be saved as new ones, and therefore a data recovery is fully possible.

But if any of those ransomware writers decides to leave the file names as they are, an automated backup would overwrite all good files, making the recovery impossible (if no versioning is applied).

The idea therefore is that if, during the initial folder comparison, a given percentage of changed files over the total is found, Syncrify should pause and send an e-mail to the admin.



Synametrics support engineer
Mar 19, 2015 12:08:38 PM

Ransomware protection

Luca,

Nice suggestion. I see a few problems with it though:

  1. The current version of Syncrify does not analyze the entire dataset before backup starts. It looks at files as they come and backs them up. It will take a considerable amount of time to start backups if Syncrify analyzed the entire dataset prior to actually backing up.
  2. What if these guys update their ransomware so it does not change the size and/or last modified date of the file? In that case, the logic will not work.

How about we add a new feature that checks a user-configurable document file for modifications? Let's say this file is a Word document on your Desktop or in your Documents folder. Syncrify will always do an MD5 signature match with the file on the server. If the file is missing or a mismatch is found, it will send an email to the user and stop the backup.
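An added example, not part of the original thread and not Syncrify code: a pre-backup guard implementing both ideas discussed above, the canary-document check and the changed-files threshold. It uses SHA-256 in place of the MD5 signature mentioned, and the function names and the 0.25 threshold are assumptions.

```python
import hashlib
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash file content, so an unchanged size or mtime cannot hide a rewrite."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> digest for every file under root (known-good state)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_canaries(root, canaries):
    """canaries: {relative path: expected digest}. Returns [(path, reason)]."""
    problems = []
    for rel, expected in canaries.items():
        p = Path(root) / rel
        if not p.is_file():
            problems.append((rel, "missing"))      # deleted or renamed
        elif sha256_file(p) != expected:
            problems.append((rel, "mismatch"))     # rewritten in place
    return problems

def changed_ratio(root, baseline):
    """Fraction of baseline files that are gone or whose content differs."""
    if not baseline:
        return 0.0
    current = snapshot(root)
    changed = sum(1 for rel, d in baseline.items() if current.get(rel) != d)
    return changed / len(baseline)

def backup_allowed(root, canaries, baseline, max_ratio=0.25):
    """Return (ok, reason); the caller pauses the job and alerts the admin if not ok."""
    problems = check_canaries(root, canaries)      # cheap check runs first
    if problems:
        return False, "canary: " + ", ".join(f"{r} {why}" for r, why in problems)
    ratio = changed_ratio(root, baseline)          # full scan only if canaries pass
    if ratio > max_ratio:
        return False, f"changed ratio {ratio:.2f} exceeds {max_ratio:.2f}"
    return True, "ok"
```

The baseline digests have to be stored where the backed-up machine cannot rewrite them, for example on the backup server, otherwise the comparison proves nothing.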

 



Mark paffrath
May 13, 2016 9:41:28 AM

Ransomware protection

Does Syncrify protect against ransomware like that mentioned in the first post?

If versioning is enabled, will the previous version be available?



Synametrics support engineer
May 19, 2016 10:51:25 AM

Ransomware protection

Mark,

There are two features in Syncrify that, when combined, will protect you from Ransomware:

  1. Versioning (http://web.synametrics.com/SyncrifyVersioningFeature.htm)
  2. Delete Retention (http://web.synametrics.com/SyncrifyDeleteRetention.htm)

There are two types of ransomware:

  1. One that renames the files and deletes the actual file name - this type will be protected by Delete Retention.
  2. One that leaves the file names intact - this is protected by versioning.

Best regards,
Imran
