Ransomware Detection

SyncBackPro has the ability to check if a file has been changed. If your system is infected with ransomware then it will encrypt many of your files, e.g. documents, text files, pictures, music, videos, etc. It usually won't encrypt files required by the system, e.g. EXE and DLL files. In most cases you will know immediately if you are infected with ransomware because it will likely prompt you for payment to decrypt your files. However, your backups are usually automated so your backups will continue to run, which means your backup files are likely to be replaced with the encrypted files. To avoid this happening you can configure SyncBackPro to check if a specific file has changed, and if so, no profiles will run. To use this:

  1. Click the Create button. SyncBackPro will then create a file, with random content, in your My Documents folder. The file will have a random filename, but have the extension of .RTF
  2. SyncBackPro will then calculate the hash file of that file and record it.
  3. Now, whenever a profile is run, SyncBackPro will check to see if that file has changed, and if so, will not run the profile.

You can choose an existing file, if you wish, but you need to be sure that the file will not change. If you do change the files contents, click the Re-hash button to recalculate the hash value of the file. If you use an existing file it is recommended you copy a document or spreadsheet file that you already have and use the copy. By having an actual valid document it is more likely that it will be encrypted by ransomware.

 If you no longer want to detect if the file has changed, click the Clear button.

warning Note that 2BrightSparks cannot guarantee that SyncBackPro will be able to detect all types of ransomware infection using this technique.

 

 warning Starting with Windows Vista, Microsoft introduced many restrictions on how programs can react to and handle the shutdown or restart of a computer. Due to these restrictions this option is not available on Windows Vista or newer.

 

warning This option is not required on Windows Vista, Windows 7, Windows 8 or Windows 2008 R2, as Microsoft have changed the shutdown/logoff process and corrected this flaw. If you are using Vista or newer this option will not be displayed.