Unitrends builds ransomware detection and recovery into backup software


Unitrends Inc., a maker of enterprise backup and continuity products, is building ransomware detection into its Recovery Series of physical backup appliances and Unitrends Backup Software.

The new release leverages the always-on features of the products to spot anomalies and keep businesses running while ransomware is removed.

Makers of backup software so far have not participated in the battle against ransomware. But Paul Brady, chief executive at the Burlington, Massachusetts-based company, said it’s a natural next step. “We’re the last line of defense for ransomware,” he said.

Ransomware is a type of malware that encrypts the files on an infected computer, rendering them inaccessible. Owners typically pay a fee of a few thousand dollars via bitcoin to get a decryption key, although success is by no means guaranteed. Gartner Inc. has forecast that ransomware attacks will roughly double in frequency by 2019, reaching 4 million to 6 million that year.

Unitrends’ physical appliances come loaded and tuned with software that provides both on-premises backup and long-term retention in the company’s cloud. The Ransomware Detection feature uses predictive analytics to determine the probability that ransomware is operating on a server, workstation, or desktop computer and alerts administrators if an invasion is detected. Information Technology staff can then immediately restore to the last safe recovery point.

“We use a set of signals that involve things like data change, encryption or systems change that we compare with a baseline of the data to build a model of the parameters of data and data type changes,” said Chief Technology Officer Mark Campbell. The frequent emergence of new strains of ransomware makes foolproof detection impossible, but “for 99 percent of what we’re seeing there are common signals we can pick up,” Campbell said.

Users can choose how to receive alerts, whether by email, on screen or via Simple Network Management Protocol traps. They can then immediately spin up a recent backup to continue operations while the threat is expunged. “We have the ability to virtualize a Windows server in real time and spin it up, so you’re running your server on our backup appliance,” Brady said. “That lets you clean the device without losing uptime.”

Ransomware detection is included in Release 9.2 of Unitrends Backup Software. The new release also features role-based access control that permits administrators of SQL Server, Oracle, Microsoft Exchange, Microsoft SharePoint, and other system-specific servers to manage and operate their own backup and recovery. Companies with multiple branch offices can also centrally manage and monitor thousands of distributed backup appliances from one control point.

Unitrends offers a free version of its software and several other versions that are priced at perpetual license fees ranging from $349 to $1,699 per physical server or virtual central processing unit socket.

Image: redtype via Flickr CC