Scan assets for ransomware and malware exposure
Elastio helps defend your data from ransomware and malware attacks by detecting ransomware, crypto miners, trojans and other malware hiding in backups. Our malware engine is updated daily with the latest known malware. It detects evidence of a ransomware attack in the recovery points with deterministic and statistical analysis against all files in the backup. Elastio protects against over 1,000 known ransomware.
There are two approaches provided by Elastio to check recovery points for vulnerabilities.
Enable iscan for recovery points in a policy
The first approach is to enable iscan for a data protection policy. Policies are defined in the Tenant and are applied to assets within the accounts enabled with Elastio. Policies include both a protection schedule and integrity scan options. Follow these steps to enable recovery point scanning after every scheduled backup.
Go to the Policies page and press the “+New policy” button.
Figure 1: Add New Policy
Add a name to your policy and define a schedule for it.
Figure 2: Add policy schedule
Set an integrity scan to run against the recovery point after every backup. You can choose to run a check for ransomware, malware or both.
Figure 3: Add New Policy - Integrity Scan
After the policy has run at least once, navigate to the Reports page to check the details of each ransomware and malware check performed.
Figure 4: Reports page
Click the Run Report button to see all Anti-Malware Scan Results.
Figure 5: Anti-Malware Scan Results
By clicking on the recovery point ID you will be redirected to the Asset page that carries the details on the asset that has been backed up.
Figure 6: Recovery Point to Asset page
Expand the row with the scan by clicking the “+” button. Then click the asset ID to proceed to the Malware and Ransomware Scan Results.
Figure 7: Scan Results
Scan recovery points and paths through the Elastio CLI
The second way of checking recovery points for malware is to use the Elastio CLI Integrity Scan (iscan) command.
Elastio Integrity Scan capability is available using the elastio iscan command within the Elastio CLI. It can be initiated like so:
elastio iscan
Note: elastio iscan should be run on an EC2 instance in order to function properly. This restriction will soon be removed. Additionally, iscan might currently fail on Amazon Linux 2 if ntfs-3g is not installed. To install it, run:
sudo yum install ntfs-3g
Integrity Scan (iscan) can be used for a certain path:
elastio iscan --path <path>
or for a recovery point, where the recovery point must be that of an EC2, EBS or block:
elastio iscan --rp <rp-id>
The output is presented on the screen and saved in a .gz file. This file contains the details of the scan.
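The two prerequisites from the note above (EC2 host, ntfs-3g installed) can be checked before a scan is started. The script below is an added example, not part of the Elastio documentation or CLI; the function names are hypothetical, and it assumes that the ntfs-3g package puts an `ntfs-3g` binary on PATH and that EC2 can be recognised from the DMI vendor string or the Xen hypervisor UUID.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites named in the iscan note.
# Assumptions (not from the Elastio docs): `ntfs-3g` is on PATH when the
# package is installed; EC2 is detected heuristically from /sys files.

# Overridable so the checks can be exercised on a non-EC2 machine.
: "${DMI_VENDOR_FILE:=/sys/devices/virtual/dmi/id/sys_vendor}"
: "${HV_UUID_FILE:=/sys/hypervisor/uuid}"

# Return 0 if this host looks like an EC2 instance.
is_ec2() {
    # Nitro-based instances report "Amazon EC2" as the DMI system vendor.
    if [ -r "$DMI_VENDOR_FILE" ]; then
        read -r _vendor < "$DMI_VENDOR_FILE" || true
        case "$_vendor" in "Amazon EC2"*) return 0 ;; esac
    fi
    # Xen-based instances expose a hypervisor UUID that starts with "ec2".
    if [ -r "$HV_UUID_FILE" ]; then
        read -r _uuid < "$HV_UUID_FILE" || true
        case "$_uuid" in ec2*|EC2*) return 0 ;; esac
    fi
    return 1
}

# Return 0 only if every prerequisite is met; report each missing one.
iscan_preflight() {
    _missing=0
    command -v elastio >/dev/null 2>&1 ||
        { echo "elastio CLI not found on PATH" >&2; _missing=1; }
    command -v ntfs-3g >/dev/null 2>&1 ||
        { echo "ntfs-3g not found; run: sudo yum install ntfs-3g" >&2; _missing=1; }
    is_ec2 ||
        { echo "host does not look like an EC2 instance" >&2; _missing=1; }
    return "$_missing"
}

# Scan a recovery point only after the preflight passes.
# Returns 2 on a failed preflight, otherwise the exit status of iscan.
scan_recovery_point() {
    iscan_preflight || return 2
    elastio iscan --rp "$1"
}
```

Source the file and call `scan_recovery_point <rp-id>`; a return value of 2 means the scan was never started.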
Check a directory for malware only:
elastio iscan --malware-only <path>
Check a mount point for ransomware and malware:
elastio mount rp --rp dgwmvmc2eiqlrqmltrw4q8nk /dev/sda1:/mnt
elastio iscan /mnt