How you can protect backups from ransomware.

Your backups are your last line of defense. But they’re useless if corrupted or infected by ransomware. Don't let the criminals outplay you.

CryptoSafeGuard is the piece that's missing from other systems, guarding the integrity of your backups. Bundled free with every BackupCare subscription, CryptoSafeGuard works 24/7 to shield, detect, alert and protect your backups from ransomware. With a solid defense, you should never be a victim or pay a ransom.

CryptoSafeGuard

  • Backups are vulnerable to corruption from both inside and outside
  • When this happens, your data won’t be available for recovery
  • You can even lose data if you get caught up in someone else’s infection
  • Attacks are fast, and catch most unprepared
  • This problem takes most victims by surprise. Recent high-profile ransomware cases confirm the extent of the problem.

CryptoSafeGuard

  • CryptoSafeGuard works 24/7 to protect the integrity of your backups
  • It protects you even if someone else’s encrypted files find their way onto your system
  • SMS alert the instant we detect an anomaly
  • Enhanced shielding for your backups beyond air-gapping
  • Regain control and give your organization the best cyber-resilience with CryptoSafeGuard

What's in it for you

A parachute with holes is of no use. Neither is a backup corrupted by ransomware. CryptoSafeGuard runs to protect your backups from ransomware, ensuring you can depend on your backups when the unfortunate occurs.

  • Prohibit ransomware from encrypting your backups
  • Prevent corrupted files getting into your backups
  • Receive notification alerts the instant we detect any anomaly
  • Benefit from this exceptional protection, free with BackupCare

The Industry Expert’s Opinion

W. Curtis Preston, Senior Analyst, Storage Switzerland:

“This two-pronged approach of protecting the backups themselves from an attack and checking the contents of the backups for evidence of compromised files in the environment is a solid approach.”

How it works

Under the Hood

CryptoSafeGuard uses a two-pronged approach to mitigate the destructive effects of ransomware and protect your backups.

1. The Shield

The CryptoSafeGuard Shield actively monitors the I/O to your backup files and actively blocks unauthorized operations.

2. The Detector

The CryptoSafeGuard Detector looks for signs of crypto-ransomware activity whenever a backup is performed.

Defense #1: The Shield

  • Blocks unauthorized processes from accessing a USB- or network-connected backup.
  • Shields against crypto-infection of on-premise backups.
  • Active 24/7.

The Shield protects backup files where ordinary user-based access controls fail. Conventional access controls (such as those offered by NTFS, or by NAS devices that integrate with Active Directory) restrict access based on the user. Ransomware can bypass these controls because it can run as a regular user or a privileged user.

The Shield restricts based on process, which is a more effective method to preserve the integrity of your backups.

Independent Security Analysis

“BackupAssist’s CryptoSafeGuard Detector and Shield had a 100% success rate against every ransomware strain we tested it against, including highly destructive strains of Locky, CryptoLocker, and TeslaCrypt. In every case, CryptoSafeGuard successfully identified the ransomware infection and ensured no backups were overwritten with encrypted files.”

Defense #2: Detect – Preserve – Alert

When suspicious activity is detected, CryptoSafeGuard springs into action, preserving the last known-good backup, and sending an SMS alert to the registered administrator.

Finally, system administrators can regain control in the event of a ransomware outbreak.
  • What you see:
Using CryptoSafeGuard is a piece of cake

Quick Facts

In its first 24 months, CryptoSafeGuard sent over 5,500 text messages (SMS), alerting administrators of suspicious activity. It even detected previous ransomware incidents that were not fully cleaned up.

Frequently Asked Questions

Unfortunately, ransomware can infect and corrupt your backups. There are two essential problems:

  1. The entire backup can be corrupted by ransomware, which tries to delete or encrypt your backup.
  2. If you suffer an infection, encrypted files can sneak into your backup, if left unchecked.

A full description of the problem is provided in our blog post: https://www.backupassist.com/blog/can-ransomware-infect-your-backup

Therefore it is important to protect your backups from ransomware. You can do that easily in the BackupAssist solution in two ways:

  1. Take your backup offline. For example, if you back up to rotating hard drives, the hard drives that you disconnect from the server cannot be corrupted because they are not physically connected to the machine.
  2. For all online backups, CryptoSafeGuard will protect them from ransomware as we explain above.

Yes, it blocks unauthorized forms of access, such as a malicious user deleting or otherwise attempting to overwrite or alter the backup files.

No. CryptoSafeGuard is exclusive to BackupAssist products.

Even if you air gap your backups, we still recommend running CryptoSafeGuard. A normal hard drive rotation scheme will still expose a backup to possible ransomware corruption when it is connected to the computer. Therefore, CryptoSafeGuard will reduce your potential data loss from the time of your 2nd last backup to your last backup.

The second benefit of CryptoSafeGuard is the Detector. This will prevent encrypted files from sneaking into your backup, while also giving control back to the administrator by alerting about the suspicious activity.

The goal of CryptoSafeGuard is to provide the best security possible within the context of an SME backup solution. It does a remarkable job at shielding backups from ransomware, and has been independently verified by a leading security testing firm.


That being said, the general consensus among security experts is that any attacker, sufficiently well funded and motivated, is exceptionally difficult to defend against. By way of example, nation state hacking is a problem that is almost impossible to address. CryptoSafeGuard is designed to protect against ransomware, not necessarily teams of sophisticated hackers. However, these should not be the concerns of the average SME!


As mentioned previously, taking the backup offline (completely disconnected from a running machine) or writing it to write-once media are the only 100% sure ways of ensuring that the backup will not be destroyed via electronic sabotage.


Realistically, no security vendor – including anti-virus and anti-malware vendors – can guarantee 100% security, 100% of the time. Security is an ongoing pursuit as what is considered safe today may not be considered safe tomorrow.

You may have heard that malware is continually evolving, and detection products have a hard time keeping up. Therefore, is CryptoSafeGuard going to provide good protection in the future?

CryptoSafeGuard is considerably more future-proof than, say, signature-based virus scanners, because it does not look for the ransomware itself like a conventional anti-virus or anti-malware product. Instead, it looks for the signs of ransomware damage – and these signs are universal (i.e. sabotaging and encrypting your data). This is like looking for damaged buildings instead of looking for the hurricane itself.

Therefore, CryptoSafeGuard is not tied down to any particular strain of ransomware. So unlike virus definitions that will automatically be ineffective against new viruses, CryptoSafeGuard will function against future ransomware strains as they generally behave in similar ways.

That being said, we are continually updating the algorithms behind CryptoSafeGuard. That’s why it’s a good idea to keep your BackupCare up to date.

Just as a hurricane leaves identifiable signs of destruction, so too does ransomware.

The role of CryptoSafeGuard is to protect against the threat in the most generic way possible.

CryptoSafeGuard’s detector looks at patterns of behaviour. We have multiple techniques for detecting suspicious behaviour, and if anomalies are found, the detector will progressively scan further to more accurately assess and diagnose the issue. While we do not publish our exact methods, at a broad level, things that our detector looks for include:

  • Changes to the file and directory structure
  • Deep content inspection
  • Ransom messages
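
The following is an added illustration of damage-based detection, not BackupAssist's code and not its unpublished methods: a pre-backup scan that flags ransom-note file names, known file types whose header no longer matches their extension, and near-random content in other files. The magic-byte table, note-name pattern, thresholds and sample file names are all assumptions made for this example.

```python
import math, os, re, tempfile
from collections import Counter

# Assumed values for this example; tune them against real data before use.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
NOTE_RE = re.compile(r"(decrypt|recover|restore).*(file|instruction)", re.I)
ENTROPY_LIMIT = 7.5   # bits per byte; encrypted data approaches 8.0
HOLD_RATIO = 0.25     # share of flagged files at which the backup is held

def entropy(data: bytes) -> float:
    n = len(data)  # Shannon entropy in bits per byte
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def inspect_file(path):
    name = os.path.basename(path)
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    with open(path, "rb") as fh:
        head = fh.read(65536)
    findings = ["ransom-note name"] if NOTE_RE.search(name) else []
    if magic and not head.startswith(magic):
        findings.append("header does not match extension")
    # Compressed formats are high-entropy by design: score only unlisted types.
    if magic is None and len(head) >= 4096 and entropy(head) > ENTROPY_LIMIT:
        findings.append("near-random content")
    return findings

def scan_tree(root):
    """Scan a backup source; return (findings per file, hold-backup flag)."""
    report, total = {}, 0
    for dirpath, _, files in os.walk(root):
        for fname in files:
            total += 1
            path = os.path.join(dirpath, fname)
            if found := inspect_file(path):
                report[os.path.relpath(path, root)] = found
    return report, total > 0 and len(report) / total >= HOLD_RATIO

def demo():  # runs the scan over a constructed sample tree, no real data
    sample = {"report.pdf": b"%PDF-1.7 text " * 400,       # intact
              "notes.txt": b"meeting at ten\n" * 400,       # intact
              "invoice.pdf": bytes(range(256)) * 32,        # header overwritten
              "photo.png.locked": bytes(range(256)) * 32,   # renamed, random-looking
              "HOW_TO_DECRYPT_FILES.txt": b"constructed note"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root)
```

When the hold flag is set, the backup job should keep the previous backup set untouched and alert an administrator rather than overwrite it. Legitimately compressed or encrypted file types that are missing from `MAGIC` will trip the entropy check, so extend the table before relying on it.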

The only way to get CryptoSafeGuard is to have a valid subscription to BackupCare, our assurance program for BackupAssist.