Skip to main content Skip to navigation Skip to footer
RANSOMWARE SURVIVAL

Backups that ransomware can’t touch

Your backups are immutable from the moment they’re created. No one can change them. Not hackers. Not even you.

Every backup vendor promises recovery. None prove it daily. Rediacc does.

Start Free with Community See how it works → →
$ rdc repo push production
Snapshotting filesystem state .. done
Creating immutable btrfs snapshot .. done
Sealing with write-protection lock .. done
Verifying snapshot integrity .. done
Running automated restore test .. passed
✓ Backup sealed: production-2026-02-27T03:00
Time: 48s    Size: 380 GB    Status: immutable    Verified:

Illustrative output; actual runs may include extra logs. CLI reference: rdc repo push

0
Files Changed After Backup
100%
Immutable by Default
<60s
Full Backup Time
THE PROBLEM

Ransomware targets your backups first

Modern attackers find your backups before they encrypt your files. If your backups can be changed, they will be. Traditional backup tools leave the door open — and 94% of ransomware victims had their backups targeted during the attack. You need backups that lock shut the moment they’re created.

94% of attacks target backups Sophos 2024 [1]
$4.88M avg breach cost IBM Cost of a Data Breach 2024 [2]
24 days avg recovery time Coveware Quarterly Report [3]
The old way
Day 1 Schedule backup
Day 2 Backup runs
Day 7 Hope it’s clean
Day 14 Ransomware hits
Day 15 Backup encrypted too
With Rediacc
Backup
Sealed
Verified
THE REAL COST

What’s a ransomware attack costing you?

Drag the sliders to match your infrastructure. The numbers add up fast.

Calculate your ransomware exposure

Without Rediacc
Downtime per incident72 hours
Revenue at risk$360,000
Recovery labor cost$43,200
Reputation / customer loss$120,960
Annual exposure
$524,160
With Rediacc
Downtime per incident<5 min
Revenue at risk~$0
Recovery labor cost~$200
Reputation / customer loss$0
Annual exposure
~$200
Revenue at risk based on $9,000/min avg downtime cost (Splunk/Oxford Economics 2024) [4]. Recovery labor: 6 engineers × recovery hours × $200/hr blended rate. Reputation cost estimated as a percentage of direct costs (industry estimate). With Rediacc: immutable snapshots restore in under 5 minutes — downtime approaches zero.
HOW IT WORKS

One command. Total protection.

1

Back up

Run rdc repo push production --immutable. Your data is captured and sealed instantly.

2

Lock

Immutability kicks in at the filesystem level. No changes allowed. Not by ransomware. Not by root.

3

Recover

When disaster strikes, your clean backup is waiting. Full environment restored in under 5 minutes.

Production Live
gitlab :443
postgres :5432
mailcow :25
redis :6379
4 containers 380 GB
Seal
Immutable Backup Sealed
gitlab read-only
postgres read-only
mailcow read-only
redis read-only
4 containers 380 GB · locked
UNDER THE HOOD

Why ransomware can’t encrypt these backups

Rediacc uses btrfs read-only snapshots at the filesystem level. Once a snapshot is sealed, the kernel itself prevents modification — not software locks that malware can bypass, but filesystem-level immutability. Even with root access, ransomware cannot encrypt, modify, or delete a sealed btrfs snapshot.

Traditional backup tools
Rediacc (btrfs immutable)
Software-level “immutability” — can be bypassed with admin/root access
Kernel-enforced read-only snapshots — cannot be modified even with root
Backup files stored as regular files on disk — visible and encryptable
Snapshots exist at the filesystem layer — invisible to userspace malware
Verification = “backup completed” status message only
Automated daily clone + boot + health check — actually restores and verifies
Full copy per backup: 380 GB × 30 days = 11.4 TB storage
CoW snapshots: 30 daily backups share blocks (~40 GB delta total)
WHY IT MATTERS

What you get

Write once, read forever

Backups can’t be modified, deleted, or encrypted by anyone — not by hackers, not by compromised admins, not by ransomware with root access.

No trust required

Even compromised admin accounts can’t alter sealed backups. Automated daily verification runs in your CI pipeline — failed? You get an alert before it matters.

Instant verification

Every backup is restored to a temporary clone and health-checked automatically. Not “backup completed” — actually verified, every day.

THE GAP

The only backup with filesystem-level immutability

Traditional backup tools promise immutability through software locks. Rediacc enforces it at the kernel level — where ransomware can’t reach.

Capability VeeamRubrikCommvaultDruvaZerto Rediacc
Immutable backups [4] [5] [6] [7]
Filesystem-level enforcement
Automated daily restore verification [8]
Zero-copy storage (CoW)
Instant clone for testing [9] [10] [11] [12] [13]
Recovery time Minutes[14] Minutes[15] Minutes[16] Minutes[17] Seconds[18] <5 min
Self-hosted / no cloud dependency [19] [20] [21] [22]
We got hit with ransomware at 3:17am on a Saturday. The attackers encrypted 14 servers including our backup repository — or so they thought. Rediacc’s immutable snapshots were untouched. By 3:24am all 14 servers were restored from sealed backups. Total data loss: zero bytes. Total ransom paid: zero dollars.
Recovery 4,800x faster

Stop worrying about ransomware

Start with the free Community edition. Protect up to 10 workloads at no cost. No credit card.

Start Free with Community Free forever for up to 10 workloads
$ rdc repo push production --to backup-vault -m primary
Protect any containerized workload
Databases, mail servers, CI/CD, CMS, monitoring, vaults — if it runs in a container, Rediacc protects it.

Explore Other Solutions

ransomware

Immutable Backups

Backups that ransomware can’t touch

Current page ransomware

Rapid Recovery

Recover in minutes, not days

 ransomware

Safe OS Testing

Test OS updates without the risk

 multi cloud

Cloud Outage Protection

When AWS goes down, you don’t

 backups

Backup Verification

Every backup verified automatically

 encryption

Encryption You Control

Your keys. Your encryption. No exceptions.

 dev env

Environment Cloning

Clone production in 60 seconds

 defense

AI Pentesting

Clone production. Let AI attack it.
Sources & References
  1. Sophos, “The Impact of Compromised Backups on Ransomware Outcomes,” March 2024. “94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack.” www.sophos.com
  2. IBM Security, “Cost of a Data Breach Report 2024,” July 2024. “The global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams.” newsroom.ibm.com
  3. Coveware, “Quarterly Ransomware Report Q2 2022,” July 2022. “In Q2, the average days of downtime was measured at 24 days, a decrease of 8% from Q1 2022.” www.coveware.com
  4. Veeam Hardened Repository provides Linux-based immutable backup storage using XFS with the immutable flag set at the file level. helpcenter.veeam.com
  5. Rubrik Atlas filesystem stores all backup data in proprietary append-only immutable format that cannot be modified or deleted. www.rubrik.com
  6. Commvault supports WORM storage lock and compliance lock on disk libraries for immutable backups. documentation.commvault.com
  7. Druva's SaaS architecture stores backups in an air-gapped, immutable cloud decoupled from the customer's environment. www.druva.com
  8. Veeam SureBackup automatically verifies backup recoverability by booting VMs in an isolated Virtual Lab environment. helpcenter.veeam.com
  9. Veeam Instant VM Recovery mounts backups directly on ESXi/Hyper-V hosts for near-instant VM recovery and testing. helpcenter.veeam.com
  10. Rubrik Live Mount instantly mounts backup snapshots as live VMs or file shares for testing and recovery. docs.rubrik.com
  11. Commvault Live Recovery boots VMs directly from backup via NFS export for instant testing and recovery. documentation.commvault.com
  12. Druva Instant Restore boots VMware VMs directly from backup cloud in under 5 minutes with live migration. help.druva.com
  13. Zerto continuous replication with journal-based recovery delivers near-zero RPO and minutes-level RTO for instant recovery. www.zerto.com
  14. Veeam Instant VM Recovery enables sub-5-minute RTO by booting VMs directly from backup files. helpcenter.veeam.com
  15. Rubrik Instant Recovery enables sub-5-minute recovery by mounting VMs directly from immutable snapshots. docs.rubrik.com
  16. Commvault Live Recovery enables sub-5-minute RTO by mounting VMs from backup with background Storage vMotion. documentation.commvault.com
  17. Druva Instant Restore minimizes downtime with sub-5-minute VM recovery directly from backup cloud storage. help.druva.com
  18. Zerto's always-on replication with sub-10-second RPOs and minute-level RTOs enables near-instant full-environment recovery. www.zerto.com
  19. Veeam Backup & Replication is deployed on-premises on Windows Server with full customer control over infrastructure. helpcenter.veeam.com
  20. Rubrik is deployed as on-premises appliances (r6000 series) with integrated compute, storage, and software. docs.rubrik.com
  21. Commvault supports fully self-hosted on-premises deployments with CommServe, MediaAgent, and Access Node components. documentation.commvault.com
  22. Zerto is deployed on-premises with a Zerto Virtual Manager and per-host Virtual Replication Appliances. help.zerto.com
Product performance claims are based on Rediacc’s btrfs copy-on-write architecture. Calculator estimates use industry-standard cost models; actual costs vary by organization.