Elastio helps defend your data from ransomware and malware attacks by detecting undetonated ransomware hiding in backups, and monitoring changes over time to detect ransomware attacks in progress.

Continuous Protection

The rapid rise of ransomware attacks requires taking protective countermeasures. Elastio features continuous anti-malware protection that is scanning your application recovery points for security threats before and after being pushed to production

Attack protection

Elastio helps defend your data from ransomware and malware attacks by detecting ransomware, crypto miners, trojans and other malware hiding in backups. Our malware engine is updated daily with the latest known malware.

Attack detection

Detects evidence of a ransomware attack in your recovery points with deterministic and statistical analysis against all files in the backup. Elastio protects against over 1,000 known ransomware.


Elastio reports on suspicious activity and threat details. The analysis is immediately sent to our logging service. Forensics teams can access the infected recovery points to assess the scope of the infection and recover individual files and entire machines directly from prior clean copies of the data.

Air-gapped Vaults

Security best practice is to store backups in a separate account from the production data further isolating backups from bad actors. With Elastio, this is as simple as creating a separate AWS account, deploying Elastio into that account and configuring the data protection policy to direct backups to the air-gapped account.

How Elastio protects against 1,000 known types of ransomware

Existing approaches to ransomware detection are applied on the system being protected, and utilize some combination of static analysis of executables for known malware, and dynamic analysis of the behavior of running processes for suspicious behavior. In addition to requiring the deployment and maintenance of software on every host, these kinds of solutions need to detect ransomware before it detonates and must make quick decisions to allow or block a particular process or file write. On server class systems in particular this can be computationally expensive and the cost of a false positive is high.

Elastio has the advantage of access to multiple point-in-time backups of the existing data, and performs its analysis off-host where low latency and quick results are less critical. Not only does this allow us to perform more complex analysis than would be practical on host, but it also lets us leverage our access to prior versions of the backup to identify suspicious patterns of changes across the entire system, not just one process or one write operation at a time. Combined with the optimizations built in to our ScaleZ storage engine which allow us to compute very efficiently which regions of which files have changed since a prior point in time, we are able to do a much more thorough analysis of changes and thereby produce a high-confidence signal as to the presence or absence of a ransomware detonation. This means we can detect ransomware attacks, and also reliably detect which backups are tainted and which are not, so as to speed recovery efforts.

This approach is complementary with existing on-host systems in a defense-in-depth strategy. On-host anti-ransomware products can provide a first line of defense, with Elastio’s protection of backup integrity ensuring that a failure in the front line doesn’t mean a total loss.

Scroll to Top