Scan Recovery Point for Ransomware and Malware

Elastio helps defend your data from ransomware and malware attacks by detecting ransomware, crypto miners, trojans and other malware hiding in backups. Our malware engine is updated daily with the latest known malware. It detects evidence of a ransomware attack in recovery points by running deterministic and statistical analysis against all files in the backup. Elastio protects against over 1,000 known ransomware.

Elastio provides two ways to check recovery points for ransomware and malware.

Enable iscan for recovery points in a Policy

The first approach is to enable iscan for a data protection Policy. Policies are defined in the Elastio Tenant and are applied to assets within the accounts enabled with Elastio. Policies include both a protection schedule and integrity scan options. Follow these steps to enable recovery point scanning after every scheduled backup.

Go to the Policies page and press the “+New Policy” button.

Figure 1: Add new Policy

Add a name to your Policy and define a schedule for it.

Figure 2: Add a Policy schedule

Set an integrity scan to run against the recovery point after every backup. You can choose to run a check for ransomware, malware or both.

Figure 3: Add new Policy - Integrity Scan

After the Policy has run at least once, navigate to the Reports page to check the details of each ransomware and malware check performed.

Figure 4: Reports page

Click the Run Report button to see all Anti-Malware Scan Results.

Figure 5: Anti-Malware scan results

Clicking the recovery point ID takes you to the asset page, which shows the details of the asset that was backed up.

Figure 6: Recovery Point to Asset page

Expand the row with the scan by clicking the “+” button. Then click the asset ID to open the Malware and Ransomware Scan Results.

Figure 7: Scan results

Scan recovery points and paths through Elastio CLI

The second way of checking recovery points for malware is to use the Elastio CLI Integrity Scan (iscan) command.

The Integrity Scan capability is available through the elastio iscan command in the Elastio CLI. It is invoked as follows:

elastio iscan

Note: elastio iscan must currently be run on an EC2 instance in order to function properly. This restriction will soon be removed. In addition, iscan might fail on Amazon Linux 2 if ntfs-3g is not installed. To install it, run:

sudo yum install ntfs-3g

Integrity Scan (iscan) can be used for a certain path:

elastio iscan --path <path>

or for a recovery point, where the recovery point must be that of an EC2, EBS or block:

elastio iscan --rp <rp-id>

The output is presented on the screen and saved in a .gz file. This file contains the details of the scan.

Check a directory for malware only:

elastio iscan --malware-only <path>

Check a mount point for ransomware and malware:

elastio mount rp --rp <rp-id> 
elastio iscan /mnt
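
The EC2 and ntfs-3g prerequisites from the note above can be checked before a recovery point scan is started, so that a failed scan is not mistaken for a clean one. The wrapper below is an added example, not part of the Elastio documentation or CLI; only the elastio iscan --rp command comes from this page. The function names and the two sysfs paths used to recognise an EC2 host are assumptions, and the wrapper treats a missing ntfs-3g as blocking on any distribution, which is stricter than the note.

```shell
#!/bin/sh
# Added example: preflight checks before `elastio iscan --rp <rp-id>`.
# Assumed (not from the Elastio docs): function names and the two sysfs
# paths used to recognise an EC2 host. Override the paths for testing.
DMI_VENDOR_FILE="${DMI_VENDOR_FILE:-/sys/devices/virtual/dmi/id/sys_vendor}"
XEN_UUID_FILE="${XEN_UUID_FILE:-/sys/hypervisor/uuid}"

# Returns 0 when the host looks like an EC2 instance.
is_ec2() {
    # Nitro instances report "Amazon EC2" as the DMI system vendor.
    if [ -r "$DMI_VENDOR_FILE" ] && grep -q 'Amazon EC2' "$DMI_VENDOR_FILE"; then
        return 0
    fi
    # Xen instances expose a hypervisor UUID that starts with "ec2".
    [ -r "$XEN_UUID_FILE" ] && grep -qi '^ec2' "$XEN_UUID_FILE"
}

# Prints one line per unmet prerequisite; returns the number of problems.
preflight() {
    pf_problems=0
    if ! is_ec2; then
        echo "host is not an EC2 instance; elastio iscan must run on EC2"
        pf_problems=$((pf_problems + 1))
    fi
    if ! command -v elastio >/dev/null 2>&1; then
        echo "elastio CLI not found in PATH"
        pf_problems=$((pf_problems + 1))
    fi
    if ! command -v ntfs-3g >/dev/null 2>&1; then
        echo "ntfs-3g not found (iscan might fail on Amazon Linux 2): sudo yum install ntfs-3g"
        pf_problems=$((pf_problems + 1))
    fi
    return "$pf_problems"
}

# Scans a recovery point only when every prerequisite is met.
scan_recovery_point() {
    srp_id="$1"
    if [ -z "$srp_id" ]; then
        echo "usage: scan_recovery_point <rp-id>" >&2
        return 2
    fi
    preflight >&2 || return 1
    elastio iscan --rp "$srp_id"
}

# When the script is given an argument, treat it as the recovery point ID.
[ $# -eq 0 ] || scan_recovery_point "$1"
```

The wrapper returns 1 without calling the CLI when a prerequisite is missing and 2 when no recovery point ID is given, so a scheduler can tell a scan that never ran apart from the scan's own result.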