UltraBac Backup/DR Software V.11.0 with Built-in Detection for Ransomware Attacks

UltraBac announced version 11.0 of its backup/DR software with built-in detection for ransomware attacks, and other operational conditions, that would cause excessive disk activity during an image backup and/or continuous replication operation.

The company’s ransomware detection works by comparing the number of changed blocks between incremental image backups and incremental replication operations to Microsoft’s low-cost Azure Global or Government storage.

Users can set thresholds for the amount of changed block activity before either initiating a warning or aborting the operation. If an incremental backup or replication operation finds that more blocks than the set warning parameter have changed since the last operation an email is sent and the activity is recorded in the backup log. If an operation finds that more blocks than the set abort value have changed then the operation is canceled and logged.

By monitoring the percentage of changed blocks between incremental backups, with an appropriate warning threshold set (e.g. 25%), the firm’s software proactively detects suspicious disk activity and generates an alert that should be investigated to make sure ransomware is not actively encrypting your data.

In addition, if the abort threshold is set to an appropriate value (e.g. 50%), the operation will be canceled so the cause can be investigated and the backup or replication operation will not consume more of an end user’s local or cloud storage than necessary.

The company’s ransomware detection is a built-in feature for mountable image backup and continuous replication to Azure storage. Once a full image backup or full replication has been performed, subsequent incremental operations can be scheduled at any required interval (e.g. every 15mn) with no set limit to how many can be run.

Download a 30-day evaluation