Top climate in IT thanks to ransomware protection for backups
Systemair has made the unconditional protection of backups a top priority and equipped its Veeam data protection environment with GRAU DATA’s Blocky for Veeam® ransomware protection.
Companies need a comprehensive security strategy to defend against cyberattacks and keep their data safe. This strategy should cover not only traditional security measures like endpoint protection and firewalls, but also backup protection. If a ransomware attack hits, an uncompromised backup is the last line of defense to keep ransom payments and major damage away from the company. For this reason, Systemair has made the unconditional protection of backups a top priority and equipped its Veeam data protection environment with GRAU DATA’s Blocky for Veeam® ransomware protection.
The Swedish Systemair Group celebrated its 50th anniversary in 2024 and employs over 6,600 people worldwide. More than 90 companies in 51 countries belong to the group and produce and distribute innovative ventilation and air conditioning systems, among other things.
The company’s global presence and the steady increase and sophistication of cyberattacks were key reasons why Systemair wanted to protect its backups from ransomware.
“Despite all precautions, it’s not a question of whether you will be attacked with ransomware, but when and with what impact,” says Tino Lahs, IT Technical Engineer at Systemair. “Our international structure with local servers and our main data center in Stockholm had to be secured as much as possible against the dangers of cybercrime with ransomware. At the beginning of 2024, we decided to take action and now store our backups in a repository that cannot be compromised.”
Good level of protection, but not yet perfect
Systemair has been relying on Veeam’s backup and recovery solutions for its global backup infrastructure for over ten years. Data backups from 47 global branches are managed centrally in Sweden via Veeam.
With Systemair’s backup concept, data backups are created at the company headquarters and at each branch office on the Windows servers located there. The branch offices then transfer the backup sets to the central data center in Stockholm. In doing so, the company follows the common rule of storing data backups locally and at a remote location in order to ensure that the data backups are reliably available in the event of technical system failures or natural disasters.
The Windows servers responsible for backup were also protected with effective security solutions on the operating system side to ensure a high level of cyber protection. And yet, IT managers still had certain doubts as to whether the protection of the backup repositories, which serve as the last line of defense against ransomware, was ultimately good enough given the large attack surface of Windows machines. According to global surveys conducted by Veeam, 96 percent of ransomware attacks also target backups, with 43 percent of compromised data being irrecoverable after the attack. In addition, according to the study, 27 percent of companies whose backups were affected by ransomware are unable to fully recover their data despite paying the ransom.
Given this risk potential, it was clear to Tino Lahs that reliable ransomware protection specifically for backup repositories had to be found that would also integrate seamlessly into the existing backup infrastructure. Moving away from Veeam’s highly satisfactory backup and recovery solution was out of the question. While searching for a suitable solution, the IT professional came across a ransomware protection solution developed specifically for Veeam environments: Blocky for Veeam from GRAU DATA, the German specialist for data archiving, data protection, and metadata-driven data search.
Effective backup protection with proven technology
Blocky for Veeam® protects Windows NTFS or ReFS volumes on Veeam servers against encryption by ransomware. The ransomware protection is based on a derivative of GRAU DATA’s proven WORM (Write Once Read Many) technology. WORM protection integrates seamlessly into Veeam backup software and provides independent ransomware protection. To keep unauthorized applications, including ransomware, from accessing the backup, only the backup application can uniquely identify itself to the filter layer, using its digital fingerprint. This in itself prevents unauthorized access to the backup repositories. However, cybercriminals sometimes prepare their attacks unnoticed on the network for weeks and occasionally gain access to the administrator level. This risk is also eliminated with an additional security feature. In Blocky for Veeam®, unauthorized actions on the Blocky configuration at the administrator level are prevented with integrated password security. Even after the administrator has logged in, critical core functions such as uninstalling or disabling ransomware protection cannot be triggered without an additional, independent password.
“This gave us exactly the protection we needed for our backup recovery infrastructure. No adjustments to the existing system are necessary, and the ransomware protection runs silently in the background,” confirms Tino Lahs. “We briefly considered the possibility of immutable storage with version 12 of Veeam. However, since this feature does not support Windows environments, Blocky for Veeam® is the ideal solution for us.”
Quick setup of the last line of defense
After the tests proved consistently satisfactory, Systemair organized a step-by-step implementation of Blocky for Veeam®. The tests confirmed GRAU DATA’s promise that installing and setting up ransomware protection would be quick and easy. Within about an hour in June, backup ransomware protection was set up in the test environment. In July 2024, the first installation on the main repository in Sweden, with around 70 terabytes, was completed just as quickly. This was followed by the gradual rollout of Blocky for Veeam® on the servers of the 47 business units distributed worldwide.
Since the functionality of the Veeam backup software is not affected by ransomware protection, nothing changed at Systemair in terms of the defined processes of the backup concept. Today, in addition to the backups in the main data center, data backups are also created locally in the branch offices using Veeam and ransomware protection and then replicated to the data center. Once all local installations are complete, Blocky for Veeam® protects the global backup inventory of around 160 terabytes from unauthorized access and ransomware.
Securing backups with Blocky for Veeam® is a fundamental part of Systemair’s company-wide security strategy, which takes into account not only technical protection but also requirements such as the GDPR and NIS2 rules.
“Downtime caused by ransomware is a scenario that we absolutely must prevent at Systemair. Critical systems, such as CRM, can only be down for a maximum of four hours according to current estimates. That’s why these systems are backed up frequently and protected with Blocky for Veeam®. For other, less critical systems, we have a slightly higher tolerance,” says Tino Lahs. “The combination of Veeam and Blocky for Veeam® also passed our regular restore tests without any errors. With this solution, we have achieved a level of protection that gives us complete peace of mind.”