Not a geek Leftnot a geek Right

Houston Computer Specialists Since 1984

About  Home Novell Microsoft Support Internet Virus Links Contact

Houston, Texas 77055

Ransomware Detection

SyncBackPro has the ability to check if a file has been changed. If your system is infected with ransomware then it will encrypt many of your files, e.g. documents, text files, pictures, music, videos, etc. It usually won't encrypt files required by the system, e.g. EXE and DLL files. In most cases you will know immediately if you are infected with ransomware because it will likely prompt you for payment to decrypt your files. However, your backups are usually automated so your backups will continue to run, which means your backup files are likely to be replaced with the encrypted files. To avoid this happening you can configure SyncBackPro to check if a specific file has changed, and if so, no profiles will run. To use this:

  1. Click the Create button. SyncBackPro will then create a file, with random content, in your My Documents folder. The file will have a random filename, but have the extension of .RTF
  2. SyncBackPro will then calculate the hash file of that file and record it.
  3. Now, whenever a profile is run, SyncBackPro will check to see if that file has changed, and if so, will not run the profile.

You can choose an existing file, if you wish, but you need to be sure that the file will not change. If you do change the files contents, click the Re-hash button to recalculate the hash value of the file. If you use an existing file it is recommended you copy a document or spreadsheet file that you already have and use the copy. By having an actual valid document it is more likely that it will be encrypted by ransomware.

 If you no longer want to detect if the file has changed, click the Clear button.

warning Note that 2BrightSparks cannot guarantee that SyncBackPro will be able to detect all types of ransomware infection using this technique.

  • Progress update frequency: If you move the slider to the far left then the progress bar will be updated very frequently. If you move it to the far right then they will be updated less frequently. Note that the more frequently the progress bar is updated then the slower the profiles will run. You can reduce the profile run time by reducing the update frequency.
  • Prompt me before running any profiles configured to run on shutdown/restart: If this option is ticked, and you have profiles that are set to run on Windows shutdown or restart, then you will be prompted before they are run. For example, you may want to shutdown quickly and therefore do not want the profiles to be run.

 

 warning Starting with Windows Vista, Microsoft introduced many restrictions on how programs can react to and handle the shutdown or restart of a computer. Due to these restrictions this option is not available on Windows Vista or newer.

  •   after profiles have run when configured to run on shutdown/restart: If you have a profile that is set to run on Windows shutdown or restart, then this setting tells SyncBackPro what to do after that profile has run. Unfortunately Windows does not tell SyncBackPro whether the user wants to shutdown or restart, so this setting is used to define what to do.

 

warning This option is not required on Windows Vista, Windows 7, Windows 8 or Windows 2008 R2, as Microsoft have changed the shutdown/logoff process and corrected this flaw. If you are using Vista or newer this option will not be displayed.

  • Default communication encryption to use with cloud services: By default SyncBackPro will use TLS v1.0 encryption when communicating with all cloud, and online services, if Windows 8.0 or earlier is used, otherwise TLS v1.2 is used. This provides the best compatibility with all cloud services and versions of Windows. More secure versions are available but they may not work with the cloud service or your operating system. This setting is the global default and so applies to all profiles, but you can override this setting in any cloud profile.