Documentation of Exiland Backup

File security

An encryption virus (also known as ransomware) is a common type of virus that encrypts the contents of files on your PC drives and demands a ransom for decryption. As a rule, the ransom conditions are described in the "readme.txt" file, which is located on the Desktop or in the same folder where the encrypted files are located.

NOTE! Exiland Backup cannot detect ransomware and destroy it, since it is not an antivirus program, but in some cases it allows you to protect the created archives from ransomware viruses, as well as warn you about of encrypted files in a source folder. Encrypted files are detected by file names that usually have the following extensions: ".paycrypt@gmail_com", ".da_vinci_code", ".locked", ".crypto", ".aes256", ".codercsu@gmail_com", ".oshit", ".xtbl" and others.

Notification about encrypted files

If an encryption virus (ransomware) encrypts files in the source folders, then there is no point in copying such files. Good (not yet encrypted) files will be deleted from the destination folder as new backups are created. Thus, you may lose important files. The Exiland Backup program can notify you when encrypted files are found and cancel the job. This way you will save protect files in previously created backups. The notification is displayed in the job execution log and looks like "Error" or "Warning" depending on the settings you choose.

Protection of archives against file-encrypting ransomware

Typically, an encryptor virus encrypts files having known extensions, such as zip, 7z, docx, xlsx, jpg, ppt, pst, etc. The Exiland Backup program allows you to change the extension of created archives (backups) and thus hide backups from encryption viruses.

Example: A ZIP archive might be named "Job1_2023-09-30_10-00.ddd" instead of the standard name "".
In any case, the format of the *.ddd file is ZIP.