hamburger icon close icon
Ransomware Recovery

Immutable Backups with Cloud Backup: A Key Tool in Ransomware Protection

Read Next:

Ransomware attacks are becoming more prolific in today’s IT landscape, with attackers always on the lookout of opportunities to infiltrate systems. Once enterprise systems and data are targeted by attackers, it can make carrying out day-to-day business operations impossible. Ransomware recovery is one effective method of restoring your data if your system is breached, but immutable backups can provide another layer of protection against malware attacks.

Traditionally, backup data has been a way to avoid the negative impacts of an attack, but now attackers are also targeting the backup data, making it difficult to restore systems to a working state.

In this blog we explain how the immutable backups provided by NetApp Cloud Backup can help protect your business from malicious malware attacks that target backup data.

Click below as we cover:

Immutable Backups Using NetApp Cloud Backup

The threat of ransomware is clearly serious: just look at the recent events at Acer, Colonial Pipeline, CNA Financial, and MediaMrkt. Leveraging immutable backup copies is a method to avoid these kinds of outcomes. One way NetApp makes it possible to create such immutable copies is through NetApp Cloud Backup.

Cloud Backup provides a cost-effective and enterprise-grade backup solution for ONTAP data on-premises and in the cloud. With block-level incremental backups, Cloud Backup provides comprehensive protection for all types of data: structured, unstructured, databases, and virtual machines. The service is cost effective as it uses low-cost object-based storage and archive tiers in the cloud to store the backup data. It also provides immutable backups that can help protect your data from malware attacks.

What Is Immutable Backup?

Immutable backups are backups that are read-only by design. That means once they are created they can’t be altered, even by a ransomware infection. No real damage can be done even if the threat vector manages to reach the backup data copy.

Immutable backups provide a fail-proof solution for recovering mission-critical data in the event of a malware infection at source. The read-only copies can be used to restore clean data from a point in time before the infection.  

The underlying technology for creating the immutable backups used by Cloud Backup is NetApp Snapshot™. Snapshot creates point-in-time copies of data volumes using Write Anywhere File Layout (WAFL) technology. With WAFL, instead of rewriting the original data blocks, new data blocks are used for updated data. WAFL then changes the pointer to this new block for the updated data. So, instead of touching the actual data, only the pointers are manipulated. Due to this method of snapshot creation, Snapshot copies are inherently highly time and storage efficient.

Snapshot copies can be created in less than a second, irrespective of the size of the volume. Once Snapshot copies are created, any changes in data are reflected as further revisions of the data objects. Applications can access previous versions of files, directory hierarchies, and/or LUNs (Logical Unit Numbers) without additional overhead through the read-only view of the copy.


With SnapMirror® data replication, the backup copies can be moved to the cloud for additional aircover protection.The backup copies are stored in a different format—i.e., in cloud-based object storage—separated from the original ONTAP source. As the backups are stored remotely, they are outside of the blast radius of malware attacks. The immutable nature of the backups shields it further from corruption.

In the unfortunate event of a ransomware attack, you can quickly revert to a point-in-time state of the data before the attack. As the backup copies are independent of the source, recovery is possible even if the source is completely corrupted due to malware infection. The immutable Snapshot backups still provide a reliable copy of the data that can be used for point-in-time recovery. The blocks in the source infected by ransomware can be restored with clean data from any backup that was taken before the attack.

How Cloud Backup Uses Immutable Backups

Using immutable backups, Cloud Backup copies can help prevent costly downtime, keeping the data safe and enabling rapid recovery.

Direct, object-based backups: The backups are stored in object storage and there is no hardware media involved. This is a huge advantage over many other solutions, which rely on an intermediary gateway before data can be stored in the cloud or retrieved. The automated backup schedules ensure continuous protection of your data.

Restore what you need: Cloud Backup provides the flexibility to revert your systems to a preferred uninfected data point. With granular restore options, you can choose to restore individual files or entire data volumes. Cloud Backup’s indexed catalog lets you search for the specific files you are looking to restore.

Backup efficiency: The backup process is lightweight—during incremental backups, only any changed data blocks and active file system pointers are updated. This efficiency makes it possible to store backups cost-effectively for long periods of time, which is ideal for industries with mandated rules for retaining data.

Cross region, cross account, cross clouds: With NetApp’s Cloud Manager you can manage Cloud Backup’s immutable backups in all three major cloud providers. With this capability, you can follow the best practice of having several copies of the data stored in multiple regions and clouds. This can ensure that the copies are totally independent and won’t be affected by one another.

Fast recovery: Restores are extremely quick since Cloud Backup uses block-level technology, which is faster than traditional file-level backups.

Additional Data Protection Considerations

In addition to the immutable nature of backups, Cloud Backup copies also provide additional data protection features for business critical applications.

Encryption: Cloud Backup protects backup data at rest as well as in transit. To encrypt the data at rest, it uses AES-256-bit encryption. When backup data is transferred from ONTAP to cloud storage it is encrypted in transit using TLS 1.2 HTTPS connections.

Customers also have the flexibility to use their own keys for encryption of data at rest in cloud storage. This is done by leveraging the key management service from respective cloud providers. For example, the customer-managed encryption keys stored in AWS KMS or Azure Key Vault can be used to encrypt the target object storage in these platforms.

Full access control: The backup copies are stored in cloud storage in the cloud environment managed by the customer. NetApp does not have access to the data. The object storage being used to store the backups will have public access disabled by default. The cloud provider's access management controls will determine who has access to this object storage. This will enable customers to provide permissions based on the principle of least privilege and ensure that only authorized users can access the data.

Connectivity: The connection from the on-premises environment to the cloud storage environment where the backup copies are stored can be protected via private network connectivity.

You can use services such as AWS PrivateLink and Azure ExpressRoute to establish a direct connection to a cloud service provider environment that does not traverse the internet. For Azure environments, connections between Cloud Volumes ONTAP and Blob storage are secured using Azure Private Link. Cloud Backup also provides the flexibility of using a proxy server for backup and restore operations, as per your network requirements.

Single-view control plane: Cloud Backup is fully integrated with NetApp Cloud Manager to provide a centralized SaaS control plane. Unlike hardware-based backup services that offer more surface area for attack, SaaS solutions are more secure. The SaaS layer does not store any data.

Communication between the user's browser and the local connector or different NetApp services integrated in Cloud Manager are all secured through HTTPS with a NetApp-signed certificate. The authentication and authorization to the Cloud Backup are managed by Cloud Manager in a fully secure multi-tenant model.

Replicate WORM volumes using NetApp SnapLock®. Cloud Backup connects with SnapLock to create Write Once, Read Many (WORM) storage volumes that can be used to copy onto a secondary ONTAP platform. These WORM volumes using SnapLock add another layer of security to your data as it protects it against risks such as accidental deletion or harmful actors.


Ransomware attacks are costly. Any amount of data loss has a serious potential to impact customer trust and your business operations, including financial and legal penalties. As an organization, it’s essential to build up your cyber resilience against ransomware, and Cloud Backup can do that. Immutable backups, such as those provided by NetApp Cloud Backup, can help bring your business back online and avoid paying heavy ransoms in the event of a ransomware attack. It also helps honor your customer SLAs and recovery point objectives.

Beyond immutability, Cloud Backup’s block-level, incremental forever backups provide faster restores and more cost-efficiency than any other backup solution on the market, making sure your data is safe, protected, and easy to restore should an attack ever take place.

Don’t let ransomware hold you hostage. Sign up for a free trial of NetApp Cloud Backup to start protecting your data today.

New call-to-action


What is immutable storage?

Immutable storage refers to a form of data that cannot be changed once it has been created. This data can be read only, but there will be no way to alter the contents of the data, making it safe from corruption or malicious use.

How long are immutable backups stored?

Immutable backups can be stored for any given period of time. In cases where there is a mandated time requirement for data to be retained, immutable backups can serve this purpose, and ensure that the data will not be altered during that period.

Can immutable backups be deleted?

Once immutable backups are created they cannot be changed, and that also means they cannot be deleted. This is useful in combating ransomware as it ensures that the copy remains intact and always available even if an attack has locked out the primary data set.

Semion Mazor, Product Evangelist

Product Evangelist