Ransomware Protection

Ransomware attacks are growing
BaQapp protects your data from Ransomware through insulated storage.

BaQapp insulates the data

Windows based malware/ ransomware target locally attached drives and Windows network shares that most backup solutions typically use.

Ransomware will infect network connected computers, mapped drives, file shares or even cloud drives that appear as network drives. Ransomware can spread to an attached thumb drive or externally attached hard drive. Ransomware will infect system files, Windows volume shadow copies (VSS) or System Restore functions you might otherwise deploy.

BaQapp's' unique network protocol backs up files using Debian Linux, providing a different OS environment which malware/ransomware are unlikely to deliver their "payload" or attack which is typically browser based.

The BaQapp endpoint app backs up files and disk images, over the LAN to a local Debian Linux, BaQapp server. This provides a "hardened" OS environment which makes it extremely unlikely that ransomware will be able to deliver their "payload" or attack. BaQapp keeps your data safely by limiting access much like having a room with no windows and only a secure locked door.

ransomware protection

What is Ransomware?

"Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction. Ransomware typically propagates as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service.

The program then runs a payload......in the form of an application designed to lock or restrict the system until payment is made,or encrypting files, in such a way that only the malware author has the needed decryption key. By late-November 2014, it was estimated that TorrentLocker, comparable to CryptoDefense, has infected over 9,000 users in Australia alone, trailing only Turkey with 11,700 infections"
From Wikipedia.

BaQapp does not allow the infection to spread

Since your BaQapp data is stored similar to read only data on a CD, the malware or ransomware cannot spread from backup to backup which would happen to storage attached to your PC.

Linux is almost Virus free

BaQapp operates under the Linux operating system. GNU Linux is also one of the most used operating systems, used by Google, Twitter, Facebook, MacDonalds, IBM, NASA, New York Stock Exchange, Bullet Trains and many more.


BaQapp can archive any incremental or full file backups indefinitely.
BaQapp Archiving allows you to select a backup that will never be deleted.

Standard Configuration

The BaQapp System is supplied pre-configured as follows:
  • Incremental Backup of all changed files on each PC every 4 hours during working hours.
  • Full file backup every 7 days.
  • Incremental image backup every 7 days.
  • Full Image backup every 30 days.
  • If the BaQapp hard drive becomes full, the oldest backups will be deleted first, unless a particular backup has been set to be archived, in which case it will never be deleted by the BaQapp.
  • The BaQapp will automatically backup the "C" drive on Windows computers with the BaQapp client software installed, and can easily be instructed to also backup any attached Windows drives.

Drive cloning and upgrading

Another feature of BaQapp is the facility to easily duplicate or clone and even replace a drive. You or your IT supplier can add an extra or larger hard drive or replacement drive that will continue to add backups, while the extra drive or removed drive is safely stored in another location or in a secure place.

It is expected that a removed hard drive will store information for 3 to 5 years without material loss without being activated. If the drive is activated every few years, it should store the data safely indefinitely. With the falling price of hard drives this seems to be an obvious method of storing your data almost indefinitely, much as data was stored on floppy disk and then compact disc.

BaQapp Archiving

Keep backups indefinitely

Archiving means that the files and folders in that file backup such as photos are never deleted in your BaQapp system even if deleted in the original computer.

All that is required is to access the BaQapp menu through your password and select which incremental or full file you wish to archive.


Your backups can be accessed without special software. You can also access the backups directly from your PC without using BaQapp, as long as you have your secure key.

Drive capacity reports

BaQapp shows what percentage of the storage is available.

When the BaQapp is almost full, during the nightly cleanup time, BaQapp will delete the oldest file and image backups. BaQapp will not delete backups that are marked to be archived.

Drive capacity report
( )

Drive 1 (%)
Drive 2 (%)
Drive 3 (%)
Drive 4 (%)

Back To Base Reporting

Would you remember to pay your insurance, your car licence, your NRMA without a reminder?
The BaQapp Back-to-Base monitoring checks if your backups are current and then tells you if not.

Back-to-Base Reporting Cost

The BaQapp is supplied with 90 days FREE reporting by BaQapp Pty Ltd by checking that your BaQapp system is working effectively. Thereafter the should you wish to continue with the Back-to-Base reporting the cost is $99.00 per year including GST for unlimited number of endpoints (PCs and Servers), payable in advance, or $11.00 paid monthly.

reporting email

Default reporting includes weekly global email reports on all the endpoints that should be backed up, warning email drawing attention to any endpoint backups that are more than 10 days overdue, then optional SMS and by phone if more than 2 weeks behind. The reporting service includes reasonable online and telephone help.

The Back-to-Base Reporting Service does not include fixing network and internet service that are not directly related to the BaQapp Software.

Peace of Mind

There can be no better way to know that your backups are being done.

BaQapp Pty Ltd has no access to your data.
All that our the monitoring system receives is an extract of the backup report text file. BaQapp automatically analysis this report, and if the analysis show that an endpoint (a Macintosh, PC or Server that is not backing up) or is overdue for a file or image backup, you will be sent an automatically generated email drawing your attention to the missed backup.

Should you not respond, and the backup continues to be missed, a few days later you will receive a second reminder. Again should no response be noted, optionally you will receive a reminder SMS on the mobile phone number that you entered when installing BaQapp.

There will additionally be the option for a phone call. These reminders can also be sent to your computer consultant or reseller who will be able to deal with the problem.


BaQapp Pty Ltd has no access to your data. All that our monitoring system sends is an extract of the backup report text file, which contains only the endpoints last file and image backup dates.

Back-to-base backup reporting is like comparing the often ignored noisy burglar alarm to a back-to-base monitored alarm where someone will contact you, send a technician or call the police.


Deduplication enables more backups to be stored in less space for a lower cost.
BaQapp uses both file level deduplication and block level deduplication.

File level De-duplication

File based de-duplication means that identical files even from different computers are only copied once. This means that if several computers have the same operating systems, then any file that appears in those computers operating system, as well as any software, data or other types of files will only need to be stored once in with BaQapp. This saves a huge amount of space, and also explains why BaQapp backups are much smaller than expected.


Block Level De-duplication

BaQapp compresses the amount of data by using block level deduplication, so that you can store more backups in less space at lower cost. Block level deduplication goes a step further. With block level deduplication (sometimes described as Delta copying) only the changes in a file need be stored, and if recovery is required the File system will combine the parts of the file to make a full copy.

BaQapp does both File level deduplication and block level deduplication, making it extremely efficient at saving storage space.

Encryption and Password Protection

Encryption with Password Protection is the first layer of data security.
Encryption is the most effective way to achieve data security.


Backup storage is encryption key protected with AES 256 bit encryption, securing your data if your BaQapp storage is lost or stolen. Your BaQapp stores the encryption key in its operating system, so when the backup drive is attached to the BaQapp, you do not need to enter any encryption key.

However should the storage drive be removed from the backup appliance, it will not be readable without the encryption key, protecting the data on the hard drive if the hard drive was stolen or in transit for updating or seeding.

"Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text."
From Wikipedia
"The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001."
From Wikipedia

As for now, there are no known practical attacks that would allow anyone to read correctly implemented AES encrypted data.

Error Correction

BaQapp uses the Btrfs Operating System with inbuilt Error Correction.
Error Correction allows the repair of missing data.

Why Error Correction

Hard Drive and Solid State Drive data is stored by tiny magnetic bits. This magnetic data is subject to failure from wear, shock, outside magnetic influences, which can cause data loss.

BaQapp backups are saved with extra data for error correction, enabling recovery of lost and damaged bits.

BaQapp uses the Btrfs file system, which has its own error correction built in. BaQapp protects your backup data from deterioration and bit rot. Your data will be safer for longer.

Error Correction
"Error detection and correction codes are often used to improve the reliability of data storage media. Reed Solomon codes are used in compact discs to correct errors caused by scratches. Modern hard drives use CRC codes to detect and Reed–Solomon codes to correct minor errors in sector reads, and to recover data from sectors that have "gone bad" and store that data in the spare sectors.

File systems such as ZFS or Btrfs, as well as some RAID implementations, support data scrubbing and resilvering, which allows bad blocks to be detected and (hopefully) recovered before they are used. The recovered data may be re-written to exactly the same physical location, to spare blocks elsewhere on the same piece of hardware, or to replacement hardware."
From Wikipedia

Global Settings and Reports

Global reports and settings make administration much easier.
With central administration, you are able to see who isn't backed up....

Global Controls

BaQapp offers Global Controls or Central Administration, a feature lacking in many popular backup software programs.

This makes is easy to schedule multiple endpoints globally, with the option for each authorized PC user to adjust their own settings.

Global Controls

What are the settings

Settings that can be controlled include time between both incremental and full backups of both files and images, maximum number of backups before old backups are deleted, excluded files, included files, default directories, clean-up time when old backups are deleted, for all or any of the endpoints in the network.

Global Reports

BaQapp reports are for all the endpoints that are being backed up in one consolidated report. This report shows the name of each endpoint, with the time and date of the last file and incremental backups. Backups that are behind schedule are highlighted.


An image of a computer's hard drive will save you a lot of grief if a drive fails
Imaging is the missing essential feature from many backup applications

What is an image?

An image of a hard drive is an exact copy of the drive that can be used to quickly and completely restore everything; settings, fonts, desktop, programs.

BaQapp's default settings makes an exact full image of each drive every 30 days, and then every 7 days stores only the changes, known as incremental changes or incremental backups.


Should BaQapp be required to restore an image that has not had a full backup in the last week, it will automatically add the changes to the full backup, allowing easy restoration of your entire drive up to the last incremental image backup.

Recovery from Ransomware

Should your PC have been attached by malware, namely a virus or Ransomware some time ago, you have the ability to restore from a date in the past before the malware attack.

Recently one of our PCs in the office was attacked by Cryptowall, and a demand made for a $500 payment within a few days, or a greater payment if delayed. All the backups made after the attack by the Ransomeware had been corrupted before being backed up, but the malware was unable to attack the previous BaQapp backups, one of which was used to do a recovery.

Bare Metal Recovery

Image backups are used to make a "bare metal" recovery, where the backup is used to restore everything to its original state before the loss, onto a replaced hard drive or in a different computer. Let us assume that you have destroyed your computer by driving over it, something of which we have had personal experience. Despite spending thousands of dollars on costly recovery services, the recovered data was useless.

However new computers at the time came installed with Windows 8, and several programs that were working perfectly well in the older damaged computer such as MYOB needed to be upgraded at a heavy cost as the old versions would not work with the new Windows 8 system. The chosen option was to then find and install a copy of the older operating system, and then re-install everything again.

There was a backup several months old of most of the files, but no image backup with all the software, applications, apps, fonts, emails and email addresses, bookmarks and shortcuts. Restoration took days and much was never recovered. 'You don't know what you got until it is gone.' became a truism!

If there had been an image backup all that would have been needed was to install the image on the new computer using the Restore system downloaded from the BaQapp website. Using the image backup the new computer would be operating with its old software, systems, emails, addresses, bookmarks, shortcuts, etc in a couple of hours as if nothing had changed.


An incremental backup saves only those files that have
changed or are new since the last backup, saving storage.

BaQapp incremental backup

BaQapp default setting makes incremental backups of files every 4 hours and incremental images every 7 days. BaQapp allows you to archive incremental backups as long as required, so that old versions of files can be found easily.

It is possible to recover a file even if was deleted or changed in the original computer, as long as it has been retained in the backups.


Should your computer have been attacked by malware, namely a virus or ransomeware some time ago, you have the ability to restore from a date in the past before the malware attack.

BaQapp default settings

  • Incremental Backup of all changed files on each PC every 4 hours during working hours
  • Full file backup every 7 days
  • Incremental image backup every 7 days
  • Full Image backup every 30 days
  • If the BaQapp hard drive becomes full, the oldest backups will be deleted first, unless a particular backup has been set to be archived, in which case it will never be deleted by BaQapp
  • BaQappBoxx will automatically backup the "C" drive on any computer that has the client software installed, and can easily be instructed to also backup any attached Windows drives

You can of course easily change the backup timings and other configurations yourself at any time.

Incremental and Differential Backup

Should a computer that is usually backed up not be available to the BaQapp at its expected backup time, as soon as that computer reappears on the network the BaQapp will catch up on the missing backup.

Offsite Archiving

Easily create a duplicate storage drive for safe offsite storage.
Data Mirroring, cloning or a duplication of storage drive onto an additional drive is easy with BaQapp.

BaQapp simplifies the updating of your extra storage drive

BaQapp can easily copy or clone all its backup data to another drive, which can be stored offsite. This clone drive can be updated regularly, by attaching it to the BaQapp Appliance.

When the duplicate drive is attached to the BaQapp appliance, BaQapp will automatically update the additional drive


How long can you store a hard drive?

Expert opinion is that a hard drive will hold data for at least 5 years unused, longer if it is refreshed every few years. The BaQapp feature where the data is stored with redundancy and Error Correction will add the storage life of the drives.

With the falling prices of hard drives it is now an economic proposition to buy a new larger drive, often at a lower cost than the older drive, and keep the data on the older drive stored for years. Old photos, accounting or legal records need not be deleted or overwritten.

Definition of Data Mirroring

"Data Mirroring is the act of copying data from one location to a storage device in real time. Because the data is copied in real time, the information stored from the original location is always an exact copy of the data from the production device. Data mirroring is useful in the speedy recovery of critical data after a disaster. Data mirroring can be implemented locally or offsite at a completely different location."
From Webopaedia.

Two-factor authentication (2FA)

Two-factor authentication (also known as 2FA) is a technology that provides
identification of users by means of the combination of two different components.

Password protection and 2 Factor authentication

In many cases of data loss someone either logs in, or finds an open computer and then maliciously delete data. Most systems have that vulnerability, especially with passwords that get cached. BaQapp operates with a public key, private key authentication with its own network protocols.

The files on BaQapp cannot be accessed by any user being backed up except through using a password to access the BaQapp software.


BaQapp additionally will soon offer 2 Factor authentication, where any administrator changes need to be confirmed through an SMS sent to a registered telephone. No disgruntled employee can maliciously damage or remove the backup data through the BaQapp without access to the BaQapp password with two step authentication, and even then the data is only removed during the next cleanup action.


Simple Raid setup by BaQapp
BaQapp includes built-in RAID for extra storage security.


When setting up your BaQapp, if BaQapp detects more than one storage drive, you will be asked whether you wish to make the additional drive a clone or part of a RAID system.

BaQapp will give you the option of RAID 0, where the backup data is stored once only over all the detected drives, increasing storage capacity


BaQapp will also give you the option of RAID 1, where all data is stored twice. If you are using 2 drives, the second drive will be a clone of the 1st drive, and any change to the data will be made on both drives.

This second drive can be removed and stored off-site for additional security. When reconnected it will be updated automatically.

RAID allows you to store the same data redundantly (in multiple places) in a balanced way to improve overall performance. RAID disk drives are used frequently on servers

How RAID Works

With RAID technology, data can be mirrored on one or more disks in the same array, so that if one disk fails, the data is preserved. Thanks to a technique known as striping (a technique for spreading data over multiple disk drives), RAID also offers the option of reading or writing to more than one disk at the same time in order to improve performance.

In this arrangement, sequential data is broken into segments which are sent to the various disks in the array, speeding up throughput. A typical RAID array uses multiple disks that appear to be a single device so it can provide more storage capacity than a single disk.

"RAID (originally redundant array of inexpensive disks, now commonly redundant array of independent disks) is a data storage virtualization technology that combines multiple physical disk drive components into a single logical unit for the purposes of data redundancy, performance improvement, or both.[1]

Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemas, or data distribution layouts, are named by the word RAID followed by a number, for example RAID 0 or RAID 1.

Each schema, or a RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives. "
From Wikipedia.

Standard RAID Levels

RAID devices use many different architectures, called levels, depending on the desired balance between performance and fault tolerance. RAID levels describe how data is distributed across the drives.

Standard RAID levels include the following:

Level 0: Striped disk array without fault tolerance
Provides data striping (spreading out blocks of each file across multiple disk drives) but no redundancy. This improves performance but does not deliver fault tolerance. If one drive fails then all data in the array is lost.
Level 1: Mirroring and duplexing
Provides disk mirroring. Level 1 provides twice the read transaction rate of single disks and the same write transaction rate as single disks.