Carbonite Ransomware Protection Setup Guide

Ransomware doesn't announce itself. By the time you notice something is wrong, files are already encrypted. This guide walks you through enabling Carbonite's threat detection, setting up recovery points, and running a test restore — so your team can recover from an attack without paying a ransom or losing days of work.

What You Need Before Starting

Don't skip this part. Missing one item halfway through the setup wastes more time than checking now.

RequirementHave It?Where to Get It
Active Carbonite Safe or Safe Plus subscription✅ / ❌Carbonite plans page
Carbonite desktop agent installed on each target machine✅ / ❌Carbonite dashboard → Downloads
Admin access to the device(s) you're backing up✅ / ❌Your IT setup or device owner
At least one completed baseline backup✅ / ❌Run the agent and let it finish before continuing
Windows 10/11 or macOS 12+ on backed-up machines✅ / ❌System Preferences → About
Verified login credentials for Carbonite's web portal✅ / ❌carbonite.com → Sign In

A baseline backup matters more than most guides admit. Ransomware recovery depends on having a clean restore point that predates the attack. If the agent hasn't finished its first full backup, threat detection has nothing useful to work with.

What You'll Have Working by the End

When you finish this guide, your setup will look like this:

  • Carbonite's built-in threat detection is active and monitoring file change patterns on each enrolled device
  • Recovery points are configured at intervals short enough to limit data loss to hours, not days
  • You've run at least one simulated restore from a known-clean backup version
  • Your team knows exactly which steps to follow when an infection is detected

That last point is easy to skip. A tested restore process you've actually walked through is worth more than one that only exists in documentation.

Want to understand how Carbonite stacks up for your team size before going further? The Carbonite backup review covers real-world performance for small teams specifically.

How to Set Up Carbonite Ransomware Protection: Steps 1–3

Ransomware doesn't announce itself. By the time you notice something is wrong, your files are already encrypted and you're staring at a payment demand. For small teams running one to five websites, that's not a theoretical risk — it's a business-ending event if you don't have clean, recoverable backups ready to go.

This guide walks you through the exact steps to configure Carbonite so that threat detection is active, recovery points are set up correctly, and you can actually restore files after an encryption attack. Not just back them up — restore them. There's a difference, and most people only discover it at the worst possible moment.

Step 1: Enable Threat Detection in Your Carbonite Dashboard

What to do

Log into your Carbonite account and navigate to the Computers tab. Select the machine you want to protect, then open the Settings panel. Look for the section labeled Backup Threat Detection or Security Settings — the exact label depends on your plan tier. Once you're there, toggle threat detection on and confirm that ransomware file monitoring is enabled.

If you're on Carbonite Safe or Safe Plus, threat detection features may be limited compared to higher-tier plans. Check your current plan details before assuming everything is active. It's worth spending two minutes on this now rather than assuming coverage you don't have.

Why it matters

Threat detection in Carbonite is designed to flag unusual file activity — specifically the mass encryption pattern ransomware uses when it executes. Without it enabled, Carbonite will still back up your files, but it might also faithfully back up the encrypted versions, overwriting your clean snapshots in the process. That's the scenario you're trying to avoid.

The detection layer acts as a circuit breaker. When suspicious activity is identified, Carbonite can pause backup activity so that corrupted or encrypted files don't propagate into your recovery points. Think of it as the difference between a backup that saves your work and a backup that saves the attack.

How to verify

After enabling the setting, you should see a confirmation status in the dashboard showing threat detection as Active or Enabled — the exact wording varies. Take a screenshot or make a note of the date you enabled it. If the toggle appears grayed out or the option isn't visible, your plan may not include it, and that's worth investigating before you go further.

You can also check the Carbonite activity log (usually under Account Activity or Backup History) to confirm the setting change was recorded. A logged entry gives you a basic audit trail, which matters if you ever need to demonstrate to a client or stakeholder that protections were in place.

Not sure whether Carbonite is the right fit for your team's budget and backup needs? The Carbonite review at Toolvoro covers plan differences in practical terms.

Step 2: Configure Recovery Points So You Can Roll Back Before an Attack

What to do

Still in your Carbonite dashboard, go to Backup Settings for the selected computer. Find the section that controls versioning or file version history. Set the retention period to the maximum your plan allows — for most small teams, that means keeping previous versions for at least 90 days, though some plans offer more.

Next, confirm that automatic backup frequency is set to continuous or as frequent as your plan permits. The shorter the gap between backups, the less data you lose if something goes wrong between snapshots.

While you're here, take a few minutes to verify which folders are actually included in the backup. Carbonite auto-selects common locations like Documents and Desktop, but if your website files, client assets, or project folders live somewhere else, you'll need to add those paths manually. Go to Backup Sets or Add Folders and include anything that would be genuinely painful to lose.

Why it matters

Recovery points are everything in a ransomware scenario. The attack itself might take only minutes, but the cleanup — figuring out exactly when it started, which files were hit, what was clean — can take hours. Having dense, well-retained recovery points means you can roll back to a specific moment before the encryption began rather than accepting a generic "yesterday's backup" that might still contain corrupted files.

Version history is also your protection against slow-burn ransomware, the kind designed to quietly encrypt files over days or weeks before triggering. A 90-day retention window gives you a much better chance of finding a clean restore point than a 7-day window would. The extra storage overhead is worth it.

How to verify

Open a test file on the backed-up machine — a simple text document works fine. Make a small change and save it. Wait a few minutes, then open the Carbonite File History for that file. You should see at least two versions: the original and the edited one. If you can see multiple versions, your versioning is working.

While you're there, confirm the timestamps on recent backups. If the last backup was more than a few hours ago and continuous backup is supposedly enabled, something may be misconfigured or the machine may not have had an active connection when expected. Investigate any gaps longer than your backup frequency setting.

If you're weighing Carbonite's versioning capabilities against other options, Toolvoro's comparison of Carbonite pricing and alternatives is worth a read before committing.

Step 3: Run a Test Restore to Confirm You Can Actually Recover Files

What to do

This is the step most people skip, and it's the most important one. Go to your Carbonite dashboard, select the computer you've been configuring, and find the Restore Files option. Choose a folder or a handful of individual files you've recently backed up — nothing critical, just something you know is there.

Select a restore point from a few days ago and initiate a restore to an alternate location on your machine (not the original folder). This way you're testing the recovery process without touching your live files. Wait for the restore to complete, then open the restored files and verify they're intact and usable.

If your plan includes a web-based restore option, test that too. Ransomware sometimes spreads through a network and can affect multiple machines simultaneously. Being able to restore from a browser on a separate device is a meaningful fallback.

Why it matters

Backups that you've never tested are optimism, not protection. The restore process is where configuration errors surface — wrong file paths, failed authentication, incomplete uploads, permission issues. Finding those problems now, when there's no pressure, means you won't be troubleshooting them at 2am after an attack has taken your site offline.

There's also a psychological dimension here that's easy to overlook. Teams that have actually run a restore are dramatically more confident in their response when something goes wrong. The first time you restore files shouldn't be during a crisis.

How to verify

Open every file you restored to the alternate location and confirm they function normally — documents open, images render, config files aren't corrupted. Check the file sizes against the originals if you want to be thorough. A file that looks restored but is actually incomplete or zero-bytes is worse than useless in a real recovery situation.

Log the test in a simple document: date, which files were restored, restore point used, and whether everything came back clean. That record becomes part of your basic continuity documentation, useful if you're ever managing a site for a client who asks about your backup practices.

If the restore failed or files came back corrupted, don't move on. Work through the Carbonite support resources to identify the cause before treating your setup as production-ready. A failing test restore is the best possible thing to discover — just not during a real incident.

For a broader look at how Carbonite fits alongside other tools small teams actually use, Toolvoro's best backup software roundup for small teams gives useful context without the enterprise noise.

These first three steps build the foundation: detection is live, recovery points are dense enough to be useful, and you've confirmed that restoring actually works. The next steps cover what to do when a threat is detected, how to isolate affected machines, and how to run a full recovery sequence under pressure.

Set Up Carbonite Ransomware Protection

Step 4: Enable Ransomware Threat Detection

Carbonite's threat detection layer is what separates a basic cloud backup from something actually useful when an attack hits. Without it, you're relying on manual backups and luck. With it, the software monitors for suspicious encryption activity and flags compromised versions before they overwrite your clean files.

To turn it on, open the Carbonite dashboard and navigate to Security Settings . Look for the Threat Detection toggle—it's off by default on some plans, which catches a lot of small teams off guard. Switch it on, then confirm the sensitivity level is set to High rather than the default Medium. Medium works fine for general anomalies, but ransomware moves fast and you want early warnings, not late ones.

While you're in this section, check which file types are included in the monitoring scope. Carbonite scans for mass encryption events across your backed-up files, but you should verify that your most critical directories—client files, financial records, site exports—are included in the monitored paths. If they're not, add them manually under Protected Folders .

Why this matters: Ransomware doesn't announce itself. By the time you notice your files are encrypted, the malware may have already been running for hours. Threat detection creates a buffer—an earlier warning signal—that gives you a window to stop the spread before it reaches more backups.

How to verify it's working:

  • Go to Activity Log in your dashboard
  • Confirm "Threat Detection Active" appears as a status entry with today's date
  • Check that your highest-priority folders show "Monitored" in their status column
  • If any folder shows "Excluded," click it and add it back to the monitored set manually

One thing worth noting: threat detection doesn't replace your antivirus or endpoint protection. It's a complement, not a replacement. If you're running a lean setup, make sure you have at least one active endpoint tool running alongside Carbonite—ransomware gets stopped fastest when multiple layers catch it.

Step 5: Configure Recovery Points for Ransomware Scenarios

Recovery points are your actual lifeline after an attack. The question isn't whether you have backups—it's whether you have enough recovery points spread across enough time that you can roll back to a version created before the ransomware touched anything.

Carbonite maintains versioned backups, but the default configuration may not give you the granularity you need. Here's how to set it up properly for a ransomware scenario.

Open Backup Settings and find Version History. The key number to set is how many historical versions Carbonite retains per file. For small teams managing 1-5 websites, a minimum of 30 days of version history is a practical floor. If your plan supports 60 or 90 days, use it. Ransomware infections are sometimes discovered weeks after the initial compromise, and having older recovery points available is what makes a full restoration possible.

Set your backup frequency to the shortest interval your plan allows. More frequent backups mean shorter gaps between recovery points. If you can back up every 15 minutes, do it. The smaller the window between snapshots, the less work you lose when you restore.

Create a labeled recovery point manually right now. Before anything bad happens, go to Backup Now and create a full backup, then note the timestamp. This becomes your known-good baseline—a recovery point you've verified yourself, taken at a moment when you know your files are clean. Label it something clear in your notes, like "Clean baseline — [date]."

Why this step is often skipped: Most teams set up backup software and assume it's handling versioning correctly. In practice, default settings often prioritize storage efficiency over recovery flexibility. You end up with fewer recovery points than you'd expect, clustered more tightly in recent time. That's fine for accidental deletions. It's not fine if ransomware has been silently encrypting files for two weeks before you noticed.

Verification checklist for this step:

  • Open File History or Version History in your Carbonite dashboard
  • Select a sample file and confirm you can see multiple dated versions, not just the most recent one
  • Verify the oldest available version is at least 14 days old (30+ is better)
  • Confirm your backup schedule shows the correct frequency—not the default, but what you actually configured
  • Check that your manual baseline backup appears in the list with its correct timestamp

If your plan limits version history to fewer than 30 days, that's worth factoring into your overall setup. The Carbonite pricing and alternatives comparison breaks down what each tier actually includes, which can help you decide whether upgrading makes sense for your situation.

Step 6: Test a Restore After a Simulated Encryption Attack

This is the step most small teams skip entirely. That's a problem. A backup you've never tested is just a theory. Restoration is the only part of your disaster recovery plan that actually matters when things go wrong, and it behaves differently in practice than it looks in a dashboard.

The goal here is to simulate what would actually happen if ransomware hit one of your sites—then walk through a restore to confirm the process works, the right versions are accessible, and you know exactly what to do under pressure.

How to run a restore test:

Pick a non-critical folder—something with real files but nothing mission-critical, like an archived project or a staging copy of a site asset. You're not working with live files for this test.

Go to Restore in your Carbonite dashboard. Select the folder you chose. Instead of restoring to the original location, restore it to a new folder or a different directory. This avoids accidentally overwriting anything active, and it mirrors what you'd actually want to do after a real attack—restore to a clean location, verify the files, then move them into place.

Now check the restored files. Open a few documents. Make sure they're the correct versions and not corrupted. If you've been running threat detection since Step 4, the dashboard should confirm these file versions predate any flagged anomalies.

Next, test rolling back to a specific recovery point. Go into Version History for one of the restored files and deliberately choose a version from 10 or 15 days ago. Restore that older version to your test folder. This simulates the exact scenario where recent versions are compromised and you need to reach back further. Confirm the file opens correctly and reflects the expected older content.

What to document from this test:

  • The date and time of the test
  • Which folder you used and what version you restored from
  • How long the restore actually took (not the estimate—the actual time)
  • Any errors or prompts that appeared during the process
  • Whether the files were intact and correct after restoration

That last point about timing matters more than people expect. If restoring 500MB of files takes 45 minutes on your connection, a full site restoration could take hours. Knowing that ahead of time changes how you plan your incident response—you'd want to restore critical files first rather than running a full backup restore and waiting.

Why you should repeat this test periodically: File structures change. New folders get added. Someone changes permissions. A plan upgrade shifts which features are active. Running a restore test every 60-90 days keeps your institutional knowledge current and catches configuration drift before it becomes a real problem during an actual emergency.

For context on how this fits into a broader backup strategy for small website teams, the best backup software roundup for small teams covers how Carbonite compares to alternatives on restore reliability—a useful reference if you're still evaluating whether this setup meets your needs.

Quick Reference: Steps 4–6 Verification Summary

StepWhat You ConfiguredHow to Confirm
4Threat detection enabled at High sensitivityActivity Log shows "Threat Detection Active"
5Version history at 30+ days, frequent backups, clean baselineFile History shows multiple dated versions; baseline timestamp visible
6Restore test completed to alternate folderTest folder contains correct, uncorrupted files from chosen recovery point

Keep this table somewhere accessible—a shared team doc works well. When something goes wrong, you want the verification path written down, not stored in someone's memory.

A Note on What These Steps Don't Cover

Steps 4–6 handle detection, recovery point configuration, and restore testing. That's the operational core of ransomware preparation. But there are adjacent decisions worth considering once this is running—like whether Carbonite's included features are the right fit for your specific website stack, or whether a different tier would give you better version history depth.

The Carbonite backup review covers those tradeoffs without sugarcoating the limitations. Worth reading if you're deciding whether to commit to a longer plan or stay month-to-month.

If you're still on the fence about Carbonite as a tool overall, the freelancer-focused take on whether Carbonite is worth it looks at the value question from a smaller-scale perspective—relevant if you're a solo operator managing a few client sites rather than a team with shared infrastructure.

Once you're confident the setup is solid, the next move is putting Carbonite to work on your actual sites.

Start Carbonite Protection

Troubleshooting Your Carbonite Ransomware Protection Setup

Even a well-configured backup can quietly fail. For small teams protecting one to five sites, a silent failure is worse than no backup at all — you only discover it when you actually need a restore. These are the failures that come up most often, along with how to fix them and confirm the fix actually worked.

Backup Is Running But Files Aren't Being Versioned

This catches people off guard. Carbonite shows a green status, uploads are happening, but when you check a specific file's version history, there's only one copy.

The usual cause is that the file type or folder path has been excluded, either by a rule you set or by Carbonite's default exclusions. Large database files, compressed archives, and certain application folders are sometimes excluded automatically.

What to check:

  • Open Carbonite preferences and go to the file selection or exclusion settings
  • Look for any file type exclusions (.zip, .sql, .bak, and similar extensions are common culprits)
  • Confirm your target folders — especially anything containing website files or database exports — are explicitly included, not just assumed to be covered
  • Check that versioning depth is set to more than one version; the default may not match what you configured during setup

After making changes, trigger a manual backup and then revisit the version history for a test file. If multiple versions appear, versioning is working.

Recovery Points Are Missing or Sparse

You set up recovery points and expected them at regular intervals, but when you look at your restore options, there are gaps — sometimes hours, sometimes days.

A few things cause this. The backup client may have been offline during scheduled windows. Network interruptions can cause backup jobs to pause without surfacing a visible error. Some Carbonite plans also have limits on how frequently recovery points are captured, so if you're on a lower tier, your options may be thinner than expected.

What to check:

  • Review the backup activity log inside the Carbonite desktop client or dashboard for any failed or interrupted jobs
  • Check whether your machine or backup client was running continuously during the window when gaps appear
  • Confirm your plan tier actually supports the recovery point frequency you expected — this is worth checking against Carbonite's pricing and plan details if you're unsure what your current plan includes
  • If jobs were failing silently, look for error codes in the log and cross-reference them with Carbonite's support documentation

A steady stream of completed backup jobs in the activity log, with timestamps matching your configured schedule, confirms recovery points should be accumulating correctly going forward.

Ransomware Detection Alert Fires But Backup Continues Uploading

This is the scenario you want to avoid. If Carbonite's threat detection flags unusual file activity — mass encryption events, for instance — the expected behavior is that new backups pause or you're prompted to review before anything gets overwritten.

If backups kept running after a detection alert, there are a few possibilities. The alert may have been informational rather than blocking. Your notification settings might not have routed the alert anywhere you'd actually see it. Or the detection threshold wasn't sensitive enough to trigger a full pause.

What to check:

  • Go into your threat detection or alert settings and verify what action is configured to follow a detection event — pause, notify, or both
  • Make sure alert emails or notifications are going to an address someone checks, not a shared inbox that gets ignored
  • If you can reproduce the condition in a test environment, do it: encrypt a small batch of dummy files and watch whether Carbonite pauses the backup job or continues uploading
  • Review whether your current plan includes active threat response or just passive alerting — the behavior differs

For small teams, the safest configuration is pause-plus-notify, not just notify. If a restore is needed, you want clean recovery points, not a backup that quietly overwrote everything with encrypted versions.

Restore Test Failed or Returned Corrupt Files

You ran a test restore — good. It came back incomplete or the files were unusable. That outcome is frustrating, but it's the entire reason you test before an actual emergency.

Corrupt or incomplete restores usually trace back to one of three things: the backup itself was incomplete, the restore process was interrupted, or the restored files were from a version that was already compromised.

What to check:

  • Check the restore log for any errors or skipped files during the restore job itself
  • Verify the version you restored from predates any simulated attack or known-good checkpoint — restoring from a version that's already encrypted produces encrypted output
  • For large restores, confirm your internet connection stayed stable throughout; partial restores often look like corruption when they're actually just incomplete
  • If individual files look correct but the site or application won't load after restore, the issue may be permissions or file paths, not the backup data itself — check file ownership and directory structure after restoring

Run the test again from a version you're confident is clean. If the second attempt produces usable files, the issue was version selection, not the backup integrity itself.

Carbonite Client Shows "Up to Date" But Hasn't Synced Recently

The status indicator shows everything is fine, but the last actual sync timestamp is days ago. This is a common source of false confidence.

What to check:

  • Click into the detailed activity view rather than trusting the summary status — look for the actual timestamp of the last completed backup, not just the status label
  • Restart the Carbonite client and watch whether a backup job initiates
  • Check whether your machine went into sleep or low-power mode during scheduled backup windows; Carbonite typically requires the machine to be on and awake to run jobs
  • On Windows, check whether the Carbonite service is running in the background via Task Manager or Services; on Mac, confirm the agent is active

After restarting the client and confirming the service is running, manually trigger a backup and verify a new timestamp appears in the activity log within a few minutes.

Validation Checks to Run After Any Fix

Fixing an issue is only half the job. These checks confirm the fix held and your ransomware protection is actually functional — not just appearing functional.

After fixing versioning or exclusion issues:

  • Modify a test file and wait for the next backup cycle
  • Open the version history for that file and confirm at least two distinct versions exist
  • Verify timestamps match when you made the changes

After fixing recovery point gaps:

  • Review the activity log for seven consecutive days of completed backup jobs
  • Spot-check three or four specific recovery points across different days and confirm they appear in the restore interface

After reconfiguring threat detection:

  • Simulate a trigger condition if your plan and environment allow it safely
  • Confirm the configured alert reaches its destination (email, dashboard notification, or both)
  • Confirm backup behavior matches your configured response (pause, not continue)

After a successful restore test:

  • Open restored files and confirm they're readable and not corrupted
  • If you restored a website backup, load the site in a browser and check core functionality
  • Document the date, version restored from, and outcome — this creates a real audit trail without relying on memory

When to Contact Carbonite Support

Most issues above are self-resolvable. A few situations warrant reaching out directly:

  • Error codes in the activity log that don't match anything in public documentation
  • Backup jobs that fail repeatedly after you've ruled out connectivity and configuration issues
  • Uncertainty about what your specific plan tier includes for threat detection or recovery point frequency
  • A restore that fails consistently even after trying different versions and approaches

Before contacting support, export your activity log and note the exact error codes and timestamps. It makes the process faster and avoids the back-and-forth of basic diagnostics.

If you're still evaluating whether the setup effort is worth it for your team size, the Carbonite review covers plan tradeoffs in practical terms. And if you're not sure Carbonite is the right fit at all, best backup software for small teams compares it against the alternatives worth considering.

Once you've worked through these checks and your restore test passes cleanly, you have a functioning ransomware recovery setup — not just a backup that runs in the background and hopes for the best.

Did It Work?

Run through these checks before you call the setup done. Each one is a binary pass or fail — no partial credit.

Carbonite shows your selected folders as "backed up" with a green status indicator in the desktop app.
At least one versioned recovery point exists for each protected drive or folder — visible under the Restore tab.
You triggered a test restore on a single file and recovered the correct version from before a simulated change.
Threat detection alerts fired (or logged silently) when you ran a benign test — confirm this in your account's activity feed.
Your backup schedule is set to run automatically, not manually only.
The recovery point retention window matches what your team actually agreed on — not just the default.
If any folder shows "pending" or "paused" for more than 24 hours, something blocked the upload. Check firewall rules and available disk space first.
If your restore test pulled the wrong file version, your recovery point configuration is off. Go back and verify how frequently Carbonite is snapshotting changes.
If no threat-detection event appeared anywhere after your test, the feature may not be active on your plan. Double-check your plan tier — not all Carbonite plans include ransomware threat detection.

Ready to Go Live?

The binary checks above tell you whether Carbonite is technically working. This part is different — it's about whether your team is actually prepared to use it under pressure.

Ask yourself these honestly.

Do you know where to go if ransomware hits at 2 a.m.? Not "roughly where" — exactly which screen, which tab, which button. If you'd be clicking around under stress, walk through the restore path one more time right now while things are calm.

Has anyone else on the team seen the restore process? If you're the only one who knows how recovery works, you're a single point of failure. Even a five-minute walkthrough with one other person makes a real difference.

Do your recovery points go back far enough? Ransomware often sits dormant. Some strains encrypt files quietly for days or weeks before triggering. If your retention window only covers 48 hours, a slow-moving attack could corrupt every recovery point you have. Make sure your plan's retention depth matches that risk.

Is your backup scope complete? A lot of teams back up the obvious folders and forget the rest — browser-based project tools, cloud-synced drives that aren't local, external drives that aren't always plugged in. Think through what would actually hurt to lose, not just what's easy to include.

Do you have an offline or offsite copy for your most critical files? Carbonite is cloud backup, which is strong. But a belt-and-suspenders approach — one local or air-gapped copy of your most irreplaceable assets — adds a layer that no ransomware reaching your cloud credentials can touch.

If you answered yes to all five, you're ready. If one gave you pause, fix it before you consider this setup complete.

Toolvoro Pro Tips

Pro Tip 1: Name your recovery points after meaningful events, not just dates.

Carbonite lets you annotate or identify restore points in context. After a major site update, content migration, or client delivery, note that moment explicitly. When something goes wrong two weeks later, "post-migration backup" is faster to navigate than scrolling through timestamps trying to remember what happened on a Thursday afternoon.

Pro Tip 2: Test your restore on a schedule, not just once.

Running a restore test during setup is the right move. But file corruption, permission changes, and plan downgrades can silently break recovery months later. Put a calendar reminder — quarterly is reasonable for most small teams — to restore one random file and confirm it comes back clean. It takes five minutes and has saved teams from discovering broken backups only when they needed them most.

Pro Tip 3: Separate your Carbonite login from your everyday email account.

If ransomware or a phishing attack compromises your primary email, and that same email controls your Carbonite account, the attacker could potentially lock you out of your backups. Use a dedicated email address for your Carbonite account, secured with a strong unique password and two-factor authentication. It's a small setup step that protects the thing protecting everything else.

FAQ

Does Carbonite automatically detect ransomware, or do I have to enable it manually?

It depends on your plan. Some tiers include automatic threat detection that flags unusual encryption behavior. Others require you to configure alerts or check activity logs yourself. Review your plan details in the account dashboard, and if threat detection isn't clearly listed, contact Carbonite support to confirm what's included before assuming it's active.

What happens to my backups if the ransomware encrypts my Carbonite-connected folders?

Carbonite keeps versioned copies of your files, so encrypted versions don't overwrite your clean recovery points immediately. The retention window is what matters here — you need enough history to reach back to a clean version before the encryption started. This is why configuring your retention window thoughtfully during setup matters far more than most teams realize.

Can I restore files to a different computer, not the one that was attacked?

Yes. You can restore files to any authorized device through the Carbonite web portal or desktop app. This is worth practicing before you need it. Logging into Carbonite from a clean machine and restoring a test file confirms the process works end-to-end — not just in theory.

How long does a full restore take for a small team's worth of data?

It varies significantly based on your total data size and internet connection speed. Carbonite does offer a physical media option for large restores — they ship you a drive — but for most small teams managing website assets, client files, and business documents, a targeted restore of specific folders is far faster than a full system recovery. Restore the critical stuff first, then bring back the rest.

Is Carbonite enough on its own, or do I need additional ransomware protection?

Carbonite handles the backup and recovery side of ransomware protection reliably. It doesn't replace endpoint security software — antivirus, EDR tools, or firewall rules that block threats before they reach your files. Think of Carbonite as your recovery layer, not your prevention layer. You need both, and they serve different functions.

What if I realize after an attack that my backup scope was incomplete?

Unfortunately, you can only restore what was being backed up. If a folder wasn't included in your configuration, that data isn't recoverable through Carbonite. This is why auditing your backup scope during setup — and periodically after — matters. Check it now rather than discovering the gap under pressure.

Explore More in This Guide

If you're still weighing whether Carbonite is the right fit for your team's size and budget, the Carbonite backup review for 2026 covers the real-world strengths and limits in plain terms.

Wondering how the cost compares to alternatives that offer similar ransomware recovery features? The Carbonite pricing and alternatives comparison breaks that down without the sales framing.

For a broader look at where Carbonite sits among other options small teams actually use, check the best backup software for small teams in 2026 roundup.

And if you're early in the decision and still asking whether Carbonite is worth the spend for a lean operation, the piece on whether Carbonite is worth it for freelancers is worth a few minutes.

Ready to Protect Your Sites

If you've worked through this Carbonite ransomware protection setup guide and your checks are passing, the configuration is solid. The restore test worked, the recovery points are in place, and your team knows what to do if something hits.

The last step is making sure you're on a plan that actually includes the threat detection and retention depth your setup depends on.

Already set up but want to compare whether a different tier or competing tool would serve your team better?

Compare Carbonite Plans and Alternatives

Not sure this is the right tool for where you are right now?

See Best Backup Tools for Small Teams

Carbonite strategy guideOpen the connected Toolvoro page →Carbonite reviewOpen the connected Toolvoro page →Carbonite comparisonOpen the connected Toolvoro page →Carbonite alternatives guideOpen the connected Toolvoro page →