Securing Backups from Ransomware, Human Error, and Cyber Attackers

Never be threatened by data loss again

Understand how to protect your company and reputation

Prevent unplanned deletions
Neutralize ransomware attacks

Why are backups a target?

The latest evolutions are attacking backups.  The purveyors of ransomware know that the way most organizations defeat ransomware or malware attacks is to recover from a good clean backup. 

Therefore, they recognize the way to prevent organizations from defeating their attacks and revenue streams is to neutralize the backups. 

They do this by deleting the backups before the ransomware detonates and encrypts all of the system’s data including the PII data.  They delete the backups three ways: 

  1. Find and delete the backup directory.
  2. Steal the backup administrator’s privileges to delete the backups.
  3. Utilize the published and well-known backup software API to delete the backups.

Once the backups are deleted, there is nothing there to recover from the ransomware or malware, and the ransom must be paid to recover the data.

The problems with 3-2-1

Many backup vendors are pushing an old concept called 3-2-1: 3 copies of the backup data, 2 different media (typically disk and tape), and 1 copy (tape) air-gapped and kept offsite in a vault such as Iron Mountain. 

There are several problems with 3-2-1:


Data on tape is going to be very difficult to meet compliance requirements for “Right-to-be-Accessed” and especially “Right-to-be-Forgotten”.


Recoveries from tape are long, tedious, and frequently error-prone.  The reason image-backup is now so popular is that the applications, virtual machines, and data can be mounted in minutes instead of being recovered in hours to days.


Three copies of the backup data is ridiculously expensive by consuming 3 times the storage capacity. And deduplication will do nothing to eliminate copies.


Air-gapping the tape will add additional time to recoveries and has its own vaulting costs. It’s important to recognize that utilizing a backup as a service (BaaS) or disaster recovery as a service (DRaaS) from a managed service provider (MSP) is not an air gapped solution.  The MSP is just as vulnerable to having your backups deleted as you are.  The final word: If the service is connected over the internet, it is not air gapped.

How Can ioFABRIC Help?

ioFABRIC software prevents ransomware, malware, malicious actors, disgruntled employees, or even human error from deleting backups.

It does this by placing an unbreakable retention lock on the backups that prevents the backups from being deleted until the retention lock time period has expired, making backups immutable.  The retention lock cannot be shortened although it can be lengthened. 

Even when backup data has an immutable retention lock, users can still find and erase PII data within the backups, maintaining PII compliance.


The 1-2-3 of ioFABRIC:

  1. Converts the image backups into open source standard backups
  2. Encrypts the data with compliant and certified FIPS140-2
  3. Then puts a Retention Lock Immutability on every image backup data set

The immutable retention lock cannot be deleted

  • Not by ransomware
  • Not by erasing the directory
  • Not by malware
  • Not by stolen admin credentials
  • Not by disgruntled employees
  • Not by hackers

To stay compliant with data privacy regulations, the “Right-to-be-Erased” is the only exception to the Immutable Retention Lock.

  1. PII data can still be searched, erased, and documented without removing the Immutable Retention Lock.
  2. Simplifies PII protection requirement and is the definitive “State-of-the-Art” or SOTA required by PII compliance

Learn more about how ioFABRIC can help, or read the solution brief.