Ransomware detection

NGBackup watches your data in real time and reacts to ransomware as it happens — not after the backup fails.

Active detection

A File-Daemon sentinel monitors the filesystem and flags attacks using multiple signals:

• Shannon entropy spikes (mass encryption looks random).
• Burst renames and suspicious extensions.
• Altered-ratio thresholds across a tree.

Automatic response

When an attack is detected, NGBackup can take any of nine configurable response actions — from raising a high-priority alert and tagging the job, to pausing backups so a poisoned copy never overwrites a good one. Your clean, immutable backups survive the attack.

Incremental Accelerator

The same plugin includes an Incremental Accelerator that skips the File Daemon’s full tree-walk, making incrementals up to 3× faster on Linux — detection that also speeds up everyday backups.

See the Ransomware Detection plugin page for the full option list, and pair it with Immutability / WORM.