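Ransomware Defense

Backups That Ransomware Can't Touch

Your backups are immutable from the moment they are created. No one can modify them. Not hackers, not even you.

Every backup vendor promises recovery. None of them verifies it every day. Rediacc does.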

$ rdc repo push production
Snapshotting filesystem state .. done
Creating immutable btrfs snapshot .. done
Sealing with write-protection lock .. done
Verifying snapshot integrity .. done
Running automated restore test .. passed
✓ Backup sealed: production-2026-02-27T03:00
Time: 48s    Size: 380 GB    Status: immutable    Verified:

Output is illustrative; an actual run may produce more log lines. CLI reference: rdc repo push

0 Files Changed After Backup
100% Immutable by Default
<60s Full Backup Time
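The Problem

Ransomware Goes After Your Backups First

Modern attackers locate your backups before they encrypt your files. If your backups can be modified, they will be. Traditional backup tools leave a back door open: 94% of ransomware victims had their backups targeted during the attack. You need backups that are locked the instant they are created.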

94% of attacks target backups (Sophos 2024 [1])
$4.88M avg breach cost (IBM Cost of a Data Breach 2024 [2])
24 days avg recovery time (Coveware Quarterly Report [3])
The traditional way
Day 1 Schedule backup
Day 2 Backup runs
Day 7 Hope it’s clean
Day 14 Ransomware hits
Day 15 Backup encrypted too
With Rediacc
Backup
Sealed
Verified
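The Real Cost

How much would a ransomware attack cost you?

Drag the sliders to match your infrastructure. The numbers add up fast.

Calculate your ransomware risk exposure

Without Rediacc
Downtime per incident: 72 hours
Recovery labor cost: $43,200
Reputation / customer churn: $120,960
Revenue at risk: $360,000
Annual risk exposure: $524,160

With Rediacc
Downtime per incident: <5 minutes
Recovery labor cost: approx. $200
Reputation / customer churn: $0
Revenue at risk: ~$0
Annual risk exposure: approx. $200

Revenue at risk is based on an average downtime cost of $9,000 per minute (Splunk/Oxford Economics 2024) [4]. Recovery labor: 6 engineers × recovery hours × $200/hour blended rate. Reputation cost is estimated as a percentage of direct costs (industry estimate). With Rediacc: immutable snapshots restore in under 5 minutes, so downtime approaches zero.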
How It Works

One command, complete protection.

1. Back up

Run rdc repo push production --immutable. Your data is captured and sealed instantly.

2. Lock

Immutability kicks in at the filesystem level. No changes allowed. Not by ransomware. Not by root.

3. Recover

When disaster strikes, your clean backup is waiting. Full environment restored in under 5 minutes.

Production environment: running
gitlab :443
postgres :5432
mailcow :25
redis :6379
Seal
Immutable backup: sealed
gitlab read-only
postgres read-only
mailcow read-only
redis read-only
Under the Hood

Why Ransomware Can't Encrypt These Backups

Rediacc operates at the filesystem level using btrfs read-only snapshots. Once a snapshot is sealed, the kernel itself blocks modification: this is not a software lock that malware can bypass, but filesystem-level immutability. Even with root privileges, ransomware cannot encrypt, modify, or delete a sealed btrfs snapshot.

Traditional backup tools | Rediacc (btrfs immutable)
Software-level “immutability” — can be bypassed with admin/root access | Kernel-enforced read-only snapshots — cannot be modified even with root
Backup files stored as regular files on disk — visible and encryptable | Snapshots exist at the filesystem layer — invisible to userspace malware
Verification = “backup completed” status message only | Automated daily clone + boot + health check — actually restores and verifies
Full copy per backup: 380 GB × 30 days = 11.4 TB storage | CoW snapshots: 30 daily backups share blocks (~40 GB delta total)
Why It Matters

What You Get

Write once, read forever

Backups can’t be modified, deleted, or encrypted by anyone — not by hackers, not by compromised admins, not by ransomware with root access.

No trust required

Even compromised admin accounts can’t alter sealed backups. Automated daily verification runs in your CI pipeline — failed? You get an alert before it matters.

Instant verification

Every backup is restored to a temporary clone and health-checked automatically. Not “backup completed” — actually verified, every day.

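How We Compare

The Only Backup with Filesystem-Level Immutability

Traditional backup tools promise immutability through software locks. Rediacc enforces it at the kernel level, where ransomware cannot reach.

Feature | Veeam | Rubrik | Commvault | Druva | Zerto | Rediacc
Immutable backups
Filesystem-level enforcement
Automated daily restore verification
Zero-copy storage (CoW)
Instant clone for testing
Recovery time | Minutes | Minutes | Hours | Hours | Seconds | <5 min
Self-hosted / no cloud dependency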
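We were hit by ransomware at 3:17 a.m. on a Saturday. The attackers encrypted 14 servers, including our backup repository, or so they thought. Rediacc's immutable snapshots were intact. By 3:24 a.m., all 14 servers had been restored from sealed backups. Total data loss: zero bytes. Total ransom paid: zero dollars.
4,800× faster recovery

Stop Worrying About Ransomware

Start with the free Community edition. Protect up to 10 workloads for free. No credit card required.

Get started free with the Community edition. Up to 10 workloads, free forever.
$ rdc repo push production --to backup-vault -m primary
Protect any containerized workload
Databases, mail servers, CI/CD, CMS, monitoring, secret stores: if it runs in a container, Rediacc can protect it.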
Sources and References
  1. Sophos, “The Impact of Compromised Backups on Ransomware Outcomes,” March 2024. “94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack.” www.sophos.com
  2. IBM Security, “Cost of a Data Breach Report 2024,” July 2024. “The global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams.” newsroom.ibm.com
  3. Coveware, “Quarterly Ransomware Report Q2 2022,” July 2022. “In Q2, the average days of downtime was measured at 24 days, a decrease of 8% from Q1 2022.” www.coveware.com
  4. Splunk & Oxford Economics, “The Hidden Costs of Downtime,” June 2024. “Each minute of downtime costs $9,000 or $540,000 per hour.” www.splunk.com
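Product performance claims are based on Rediacc's btrfs copy-on-write architecture. Calculator estimates use industry-standard cost models; actual costs vary by organization.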