US2018024893A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018024893-A1 |
| Application number | US-201615218342-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 25, 2016 |
| Priority date | Jul 25, 2016 |
| Publication date | Jan 25, 2018 |
| Grant date | — |
Official abstract text for this publication.
In one embodiment, a method for ransomware-aware file backup is implemented on a computing device and includes: backing up a target population of files from a target file location in a backup transaction, computing a backup delta score for the backup transaction, where the computing comprises comparing backup data from the backup transaction with backup data from a previous backup transaction, determining whether the computer backup delta score exceeds a pre-defined threshold, and upon the computed backup delta score exceeding the pre-defined threshold: determining that the backup transaction is indicative of a ransomware infection, and performing at least one counter-measure in response to the ransomware infection.
Opening claim text (preview).
What is claimed is:

1. A method for ransomware-aware file backup, the method implemented on a computing device and comprising: backing up a target population of files from a target file location in a backup transaction; computing a backup delta score for said backup transaction, wherein said computing comprises comparing backup data from said backup transaction with backup data from a previous backup transaction; determining whether said computer backup delta score exceeds a pre-defined threshold; and upon said computed backup delta score exceeding said pre-defined threshold: determining that said backup transaction is indicative of a ransomware infection, and performing at least one counter-measure in response to said ransomware infection.
2. The method according to claim 1 and wherein said performing comprises: aborting said backup transaction.
3. The method according to claim 1 and wherein said performing comprises: quarantining said backup transaction.
4. The method according to claim 1 and wherein said performing comprises: restoring said target population from a previous baseline version of said backup transaction.
5. The method according to claim 1 and wherein said performing comprises: increasing the number of versions of said backup transactions stored on said computing device.
6. The method according to claim 1 and wherein said performing comprises: verifying a file type for at least one file from said target population as a function of conformance to an expected, known structure for a file-type indicated by a filename extension of said at least one file.
7. The method according to claim 1 and further comprising: alerting a user in response to said ransomware infection; receiving instructions in response to said alerting; and responding to said ransomware infection at least in accordance with said instructions.
8. The method according to claim 1 and wherein said performing is performed autonomously.
9. The method according to claim 1 and wherein said computing further comprises: weighting said delta score in accordance with a designated importance of said files.
10. The method according to claim 9 and wherein said importance is a function of at least one of file type, file location, file function, or past modification history.
11. The method according to claim 9 and wherein said weighting comprises: enabling designation of at least one of said files as important.
12. The method according to claim 1 and wherein said comparing further comprises: comparing numbers of file deletions and modifications in said backup transaction and said previous backup transaction.
13. The method according to claim 1 and wherein said computing further comprises: identifying ransom note files known to be associated with ransomware.
14. The method according to claim 1 and wherein said computing further comprises: detecting file access patterns associated with ransomware.
15. The method according to claim 1 and wherein said computing further comprises: verifying a file type for at least one file from said target population of files in accordance with a known structure for said file type as indicated by an associated file name extension; and increasing said delta score for unsuccessful verification of said file type for said at least one file.
16. The method according to claim 1 and further comprising: alerting a user upon the cancellation or non-successful completion of a scheduled said backing up.
17. An intelligent backup server comprising: a processor; an I/O module operative to receive files to be backed up from a target file location; a backup database operative to store one or more versions of said files; a rules database; and a backup manager application, to be executed by said processor and configured to: backup said files to be backed up in a backup transaction stored in said backup database, score a likelihood of infection of one or more of said files in said backup transaction according to rules in said rules database, compute a backup delta score for said backup transaction by comparing said scored likelihood of infection by an unauthorized software agent with a previously scored likelihood of infection by an unauthorized software agent from a previous said backup transaction, determine whether said computer backup delta score exceeds a pre-defined threshold, upon said computed backup delta score exceeding said pre-defined threshold: determine that said backup transaction is indicative of infection by an unauthorized software agent, and perform at least one counter-measure in response to said infection.
18. The intelligent backup server according to claim 17 and wherein: said rules database is configured to receive updates for said rules; and said backup manager application is configured to: receive a request to restore at least one of said files from said backup transaction, rescore said likelihood of infection using said updates, recompute said delta score for said rescored likelihood of infection, and perform or not perform said restore based on said recomputed delta score.
19. The intelligent backup server according to claim 17 and wherein said backup manager application is further configured to: send an alert to a user in response to said likelihood of infection; receive instructions in response to said alert; and perform said at least one counter-measure in accordance with said instructions.
20. A system for ransomware-aware file backup, the system implemented on a computing device and comprising: means for backing up a target population of files from a target file location in a backup transaction; means for computing a backup delta score for said backup transaction, wherein said computing comprises comparing backup data from said backup transaction with backup data from a previous backup transaction; means for determining whether said computer backup delta score exceeds a pre-defined threshold; and means for upon said computed backup delta score exceeding said pre-defined threshold: determining that said backup transaction is indicative of a ransomware infection, and performing at least one counter-measure in response to said ransomware infection.
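
One possible reading of the scoring loop in claims 1, 3, 9, 12, 13 and 15, as an added example that is not code from the patent or its applicant. The manifest layout, the scoring formula, the `MAGIC` table, the ransom-note names and the threshold of 0.5 are all assumptions chosen for illustration.

```python
import os

# Assumed values for illustration; none of these come from the patent text.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".docx": b"PK\x03\x04"}
NOTE_NAMES = {"how_to_decrypt.txt", "restore_files.html"}   # constructed names
THRESHOLD = 0.5

def type_ok(path, head):
    """Claims 6/15: header must match the structure implied by the extension."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    return magic is None or head.startswith(magic)

def transaction_score(prev, curr, importance=None):
    """Weighted share of the previous file population deleted or modified,
    with extra weight for failed type checks and newly appeared ransom notes."""
    importance = importance or {}
    total = hits = 0.0
    for path, (digest, _head) in prev.items():
        w = importance.get(path, 1.0)              # claim 9 weighting
        total += w
        if path not in curr:                       # deletion (claim 12)
            hits += w
        elif curr[path][0] != digest:              # modification (claim 12)
            hits += w if type_ok(path, curr[path][1]) else 2 * w
    hits += sum(1 for p in curr if p not in prev   # ransom notes (claim 13)
                and os.path.basename(p).lower() in NOTE_NAMES)
    return hits / total if total else 0.0

def assess(baseline, previous, current, importance=None):
    """Delta score: change in transaction score between consecutive backups."""
    delta = (transaction_score(previous, current, importance)
             - transaction_score(baseline, previous, importance))
    return delta, ("quarantine" if delta > THRESHOLD else "commit")  # claim 3

# Constructed sample manifests: path -> (content hash, first bytes of the file)
T0 = {"docs/a.pdf": ("h1", b"%PDF-1.7"), "docs/b.docx": ("h2", b"PK\x03\x04"),
      "img/c.png": ("h3", b"\x89PNG\r\n"), "notes.txt": ("h4", b"todo")}
T1 = {**T0, "notes.txt": ("h5", b"todo 2")}        # ordinary edit
T2 = {"docs/a.pdf": ("x1", b"\x8f\x02\xaa\x10"),   # headers no longer match
      "docs/b.docx": ("x2", b"\x11\x9c\x00\x7e"),
      "img/c.png": ("x3", b"\xde\x00\x41\x07"), "notes.txt": ("h5", b"todo 2"),
      "docs/how_to_decrypt.txt": ("x4", b"...")}
```

With these manifests, `assess(T0, T0, T1)` commits the ordinary edit and `assess(T0, T1, T2)` quarantines the transaction in which three files changed to unrecognized headers and a ransom note appeared.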
Probabilistic graphical models, e.g. probabilistic networks · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
involving event detection and direct action · CPC title
Management of the backup or restore process · CPC title
Test or assess a computer or a system · CPC title