CloudBerry Lab Resources
Get started with cloud backup and management solutions
CloudBerry Backup featured image

Ransomware Protection in CloudBerry Backup 5.8

Published: by on Post Type: Categories: CloudBerry Backup

Ransomware has been a growing problem for businesses and consumers this past year. Ransomware attacks disrupt normal business continuity by encrypting important business documents (or personal files like pictures, video, and documents) and demanding a ransom to recover the data. To help protect customer backups, we implemented ransomware protection functionality in CloudBerry Backup 5.8.

Table of Contents

    Ransomware Protection in CloudBerry Backup 5.8

    The new feature is designed to protect a customer's existing, good backups, from being overwritten by encrypted ones because of a ransomware attack. If you are ever infected with this type of malware, the last thing you want to happen is to have your good backups overwritten with ransomware encrypted ones. Shortly, here's how our ransomware protection works:

    CloudBerry Backup now detects encryption changes in files and prevents existing backups from being overwritten until an administrator confirms if there is an issue. Let’s dive deeper into the underlying process.

    When you enable ransomware protection in a backup plan, two things happen:

    1. CloudBerry performs the initial backup and efficiently analyzes the bit structure of each file to determine if the file is encrypted.
    2. During subsequent backups, we compare the original byte structure to the current byte structure. This allows us to identify any newly encrypted files. The backup plan completes normally, however, we prevent existing backups from being deleted regardless of retention policies. This way, existing good backups are protected and are available for restore. 

    Enabling Ransomware Protection

    Ransomware protection must be enabled in the Backup Wizard and is currently supported only for File-Level Backup. Launch the Backup Wizard and select the Enable ransomware protection option.

    Enabling Ransomware Protection in CloudBerry Backup

    Once the plan is saved, you'll see a "lock" icon for any plan with ransomware protection enabled.

    Backup plan with ransomware protection enabled

    If encryption changes are detected, any deletes from backup storage will be disabled for flagged files. Admins can quickly see a list all of all affected files and approve any false-positive detections.

    You manually inspect those files in Windows / File Explorer using the Show in Folder option. If you want to remove the most recent backup of an affected file from backup storage, select the file and click Delete.

    If you click Cancel, purge settings for any affected files will continue to be disabled and those files will remain on the list.

    Ransomware protection in action

    You can also be notified with an email that lists of all flagged files.

    Backup Plan With Ransomware Protection - Final Report


    Also note that using ransomware protection reduces the number of available retention policy settings. Namely, deleting files that have been deleted locally is unavailable when ransomware protection is enabled.


    CloudBerry Backup now provides the ability to enable ransomware protection that prevents your data in the cloud from being overwritten by the ransomware-encrypted data regardless of your retention policies. You can try the latest version of CloudBerry Backup absolutely for free. Just download the 15-day fully-functional trial version of the product and check if our backup solution meets your needs and requirements.