Ransomware detection

Unitrends uses a series of predictive analytics to identify possible ransomware infection on your protected assets. Ransomware attacks are commonly associated with aggressive rewrite activity and large influxes of randomized data. If both of these metrics suddenly exceed baseline levels established by the appliance, an alert is triggered that can be viewed in the Global menu at the top of the UI:

Click the ransomeware alert to view details. Unitrends recommends that you confirm the presence of malware on the identified asset and recover to the most recent safe backup. The Backup History report identifies any backups that are at risk of infection.


Ransomware detection functionality requires deduplication level 3. For further instructions on configuring deduplication levels, see Appliance settings.
Sudden changes in the volume of compressed, encrypted, or media data in your protected environment may trigger ransomware alerts.