The new BackupAssist technology uses algorithms to detect corrupted files, then locks off the backups, to prevent their being corrupted, and blocks future ones until the problem is fixed.
“This is a brand new technology that we have developed,” said Troy Vertigan, Vice President of Sales and Marketing at BackupAssist. “The threat of ransomware is increasing exponentially. The cost of ransomware attacks rose from just under $3.8 million in 2015 to $638 million in 2016.” It’s also striking the SMB market – BackupAssist’s core constituency – as well as larger companies with more money.
“Just over 12 months ago, we decided to take some actions of our own and began research into the algorithms,” Vertigan said.
“In my research, I found that even the FBI doesn’t have a solution for this,” said Linus Chang, BackupAssist’s founder and CEO. “It has also become more aggressive. You used to have to download it to get it. Now they make active hacking attempts, exploits of vulnerabilities and things like hollow memory injections that are impossible to detect.”
Backup vendors have a further problem because of what Chang called infection magnification – where a single infected machine can corrupt primary storage, distributed storage synced to the cloud, the backup storage itself.
“They can all be corrupted,” he said. “Because the ransomware-affected backups take up more space, you can have a backup of entirely corrupted files and no history to fall back on.”
Chang said that backup vendors do, however, have the ability to assist in devising a response to the ransomware problem
“We are experts at copying files and scanning file systems, where we look for changes in data to know what to back up,” he said. “This allows us to reliably detect the aftermath of an infection. We can use mathematical properties to tell if a file is encrypted or not.”
CryptoSafeguard’s method consists of three steps, First, when a backup takes place, it looks for corrupted files. It then stops the ransomware from corrupting the backup itself, creating an effective wall between the ransomware and the backups. Finally, it responds, by alerting the customer through email and SMS, and blocking future backups to protect the last good one.
“This preserves the last clean backup, giving the admin the power to recover from it,” Chang said. “The backup shielding blocks unauthorized processes from accessing a USB or Network connected backup through the Windows Device Driver. It will also block rogue employees or hackers trying to delete backups manually.
Chang stressed that BackupAssist isn’t claiming that this is a silver bullet which by itself will protect customers from ransomware.
“It is designed to complement existing security, and add an extra layer of protection,” he said.
CryptoSafeGuard is available immediately and is being added to BackupAssist’s existing BackupCare support services. While customers can purchase it in a bundle with perpetual licenses, MSP pricing is $15 a month.
“Over 50 per cent bundle it with the initial purchase, but we are expecting the rate to increase significantly with the addition of CryptoSafeguard,” Vertigan said. “For partners, this will be a source of extra margin.”