Retrospect Blog

Protection from Ransomware with Retrospect

The WannaCry Ransomware has affected more than 300,000 computers in over 150 countries but is just one in a growing list of malware that can effectively wipe out your data. Here are some tips on using Retrospect to protect your data from this kind of attack, and to find out whether one has already happened so that you can recover quickly.


Aside from good general advice, such as keeping your operating system up to date, running virus scanners or using dedicated ransomware blockers, sites such as No More Ransom! advocate "Back-up! Back-up! Back-up!" as the number one preventative measure.

Endpoint Protection

Malware can hit any computer in your environment. The WannaCry Ransomware was actually an internet worm, not simply a phishing attack, so the malware was able to spread automatically across networks using a security flaw in Windows. With threats like this, you need to protect every computer, not just your server or file share.

With features like smart incremental backup, file-level deduplication, proactive backup, block-level incremental backup, and script hooks, Retrospect makes it easy to protect every computer in your environment, whether Windows, Mac, or Linux desktops, laptops, or servers. Retrospect backs up each computer quickly and automatically according to a dynamic schedule, so your computers will be fully protected against attacks.

Multiple copies, multiple locations

As we covered in Audit your Backups, make sure you have more than one backup, and that you spread your backups to multiple destinations. If all of your backups are on a single disk that is connected to your computer, those backups can be encrypted at the same time as your source data, rendering them useless. So ensure you have current backups in an offsite location.

Retrospect supports a long list of cloud storage providers, including Amazon S3, Google Cloud Storage, Backblaze B2, and Dropbox. Cloud storage is a great way to manage offsite protection because the storage isn’t mounted as a volume on your computer like local hard drives or network-attached storage (NAS), so malware does not have access to it. Moreover, our offsite protection fully supports advanced encryption like AES-256 for complete security.


Paying the ransom is not recommended as you are not guaranteed to get your data back. Moreover, you are demonstrating to the criminals that their tactics are effective and that they should continue.

Instead, if you have a full system backup using Retrospect, erasing your hard drive and restoring from a known safe backup is your best guarantee. With Retrospect Disaster Recovery, you can restore your full system using a clean snapshot prior to the attack.

Before erasing and going through the full restore, do a small restore of a known infected file to make sure that backup is unaffected. Retrospect can run 16 simultaneous restores, so if you have multiple computers affected, you can restore them all at the same time.


Monitoring your backups routinely can help detect that you have been attacked. A sudden spike in data being backed up may be an indication that ransomware has encrypted your machine.
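
The spike check described above can be automated. The following is an added example, not Retrospect code or output: it flags a backup run whose size is far above that client's recent baseline. The per-run byte counts, the seven-run window, and both thresholds are assumptions to tune for your own environment.

```python
from statistics import median

# Constructed sample: bytes copied per nightly incremental run for one client.
# Not real Retrospect output; export equivalent figures from your own backup reports.
RUNS = [
    ("2017-05-05", 410_000_000),
    ("2017-05-06", 380_000_000),
    ("2017-05-07", 120_000_000),
    ("2017-05-08", 450_000_000),
    ("2017-05-09", 430_000_000),
    ("2017-05-10", 395_000_000),
    ("2017-05-11", 405_000_000),
    ("2017-05-12", 61_000_000_000),  # nearly every file changed at once
    ("2017-05-13", 420_000_000),
]

def flag_spikes(runs, window=7, z_limit=3.5, min_ratio=5.0):
    """Return (date, bytes, ratio) for runs far above the recent baseline.

    Baseline is the median of the previous `window` runs; spread is the
    median absolute deviation (MAD), which one earlier outlier cannot skew.
    """
    alerts = []
    for i in range(window, len(runs)):
        date, size = runs[i]
        history = [b for _, b in runs[i - window:i]]
        base = median(history)
        if base <= 0:
            continue  # no usable baseline (e.g. client was offline)
        mad = median(abs(b - base) for b in history)
        ratio = size / base
        # 0.6745 scales MAD to be comparable with a standard deviation.
        z = 0.6745 * (size - base) / mad if mad else float("inf")
        # Require both statistical and practical significance to cut noise.
        if size > base and z > z_limit and ratio >= min_ratio:
            alerts.append((date, size, round(ratio, 1)))
    return alerts

if __name__ == "__main__":
    for date, size, ratio in flag_spikes(RUNS):
        print(f"{date}: {size:,} bytes copied, {ratio}x the recent median")
```

Because the baseline is a median, the run after the spike is judged against normal history rather than against the spike itself, so a single anomalous night does not mask or trigger follow-on alerts.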


JG Heithcock

JG Heithcock is GM at Retrospect and has eighteen years' experience in the storage and backup industry.