I have my Windows 8 machine set up to back up every 15 minutes. I just received an email from the server saying there was a backup violation that appears to be ransomware. I then did a manual backup and looked at the log:
----------------------------------
Backup started on 5/7/18 8:54 AM and completed with one or more error. Time elapsed: 08:10 min.
Check the log file for details regarding the error(s)
Total bytes transferred 0 bytes
Total files: 2
Total errors: 1
Error - Possible ransomware detected. Skipping backup for C:\Users\QVCBuyer\Desktop
C:\Users\Howard\Documents\LPCXpresso_8.2.2_650\workspace\test - Deleted - 0 bytes
C:\Users\Howard\SimplicityStudio\v4_workspace\Site1_G2_R2_1.3.4.2 - Deleted - 0 bytes
----------------------------
So it's saying that it deleted these directories from the backup because it thinks they are infected with ransomware? Why might it think that? I use ESET and it's perfectly happy with the status of those directories and the rest of the machine. I'm not looking for any details of how the detection works but what is this message telling me?
Thanks!
Update - the emails are back again.
---------
A security policy violation has occurred in Syncrify, resulting in this email
message. Details are printing below.
Client's IP Address: 66.xx.xx.xx
Date/Time: 5/7/18 1:46 PM
User Email: howard@myactualemailaddress
Alert Type: POSSIBLE_RWP
Message: A possible ransomware attack detected while running backup on profile: QVCLAPTOP. If this is a false alarm, click 'Reset RWP' under 'Tools' menu in Syncrify Client.
---------
Never mind (maybe) - I found http://web.synametrics.com/syncrify-ransom-ware.htm in a web search and it explains how the ransomware stuff works. It's pretty clever actually. I'm confident that the machine is okay so I'll reset the RWP unless someone suggests that I don't. I saw the random JPG files and deleted one. That's probably what set it off.