Skip to Content
Continuity and Recovery

What is immutable backup?

An immutable backup is a copy that cannot be altered, encrypted or deleted by anyone once created, not by an administrator with the password, and not by ransomware already inside the network. It is a read-only copy, isolated by architecture, built to survive the very attack that destroys ordinary backups.

Zamak TechnologiesUpdated on July 10, 2026

How immutability works

Immutability is not a setting you turn on and off. It is a property of how the copy is written and stored, designed so that not even stolen credentials can touch it.

1

Write once, read many

The copy is written in a read-only format. There is no command to “edit” or “delete” that point in time until the retention period expires.

2

Isolated from the production network

The copy stays out of reach of the compromised environment, without depending on the same credentials or the same network the attacker controls.

3

Reinforced by identity and time

Changing the policy requires strong verification and a grace period, so a hijacked account cannot simply cut retention and destroy everything.

4

Multiple points in time

Several immutable points coexist, so you can recover from before the infection, even if the attack lay dormant for days.

Sources: Sophos, The Impact of Compromised Backups on Ransomware Outcomes (2024), and cyber resilience vocabulary (fortified copies).

How ransomware tries to destroy the backup

  • Deleting or encrypting the backup files along with the production ones
  • Using stolen administrator credentials to shut down the backup jobs
  • Cutting retention so the older, clean points expire early
  • Attacking the backup server on the same network, treating it like any other target
  • Silently corrupting the copies and hoping no one tests recovery

Why the backup became the attack's first target

94%
of ransomware attacks tried to compromise the backups too (Sophos 2024)
more likely to pay the ransom when the backup is compromised (Sophos)
higher recovery cost when the backup is hit, US$ 3M vs US$ 375K (Sophos)

Ransomware groups learned that a company with an intact backup does not pay the ransom. So they changed the order of the attack: first they find and destroy the copies, then they encrypt production. In 94% of attacks the criminals tried to compromise the backups as well (Sophos, 2024). And it works: when the backup is hit, a company is almost twice as likely to pay the ransom, and the total recovery cost runs up to eight times higher, US$ 3 million versus US$ 375,000 (Sophos). Immutability exists to break that logic: if the copy cannot be touched, an attack on your network is not an attack on your backups.

What makes a backup truly immutable

Not every backup that calls itself “protected” survives a compromised administrator. Look for these attributes:

  1. Genuinely read-onlyNo account, not even the administrator, can alter or delete the point in time before its term. Immutable by default, not by option.
  2. Isolation by architectureThe copy does not live on the production network. The attacker who owns the environment cannot reach the backup.
  3. Retention policy protectionCutting retention requires strong verification and a grace period, so an account takeover cannot erase the history.
  4. Independent of credentialsThe backup does not depend on the same login the attack stole. A second factor separates the vault from the rest.
  5. Proof of recoveryImmutable and tested. An intact copy only counts if it still restores, and that is confirmed with automated testing.

In practice

Immutable means that not even you, with every password, can delete that point in time before its term. That is exactly why the attack cannot either.

How Zamak handles immutability

Zamak Technologies keeps immutable copies isolated from the environment, so an attack on the network does not become an attack on your backups, with recovery testing that confirms the intact copy still restores. A good starting point is the ransomware readiness check, which measures your recovery line. It is part of Continuity in the Zamak Method.

Frequently asked questions about immutable backup

Is immutable backup the same as cloud backup?
No. Being in the cloud does not make the copy immutable: if the same credential the attacker stole can delete the cloud backup, it does not survive. Immutable means read-only and protected against change, wherever it lives.
Can an administrator delete an immutable backup?
Not before the retention term. That is the point: even a legitimate, or hijacked, administrator account cannot alter or remove the copy while the period holds. This neutralizes the attack that uses stolen credentials.
Does immutability protect against ransomware?
It protects your ability to recover without paying. Ransomware can encrypt production, but cannot touch the immutable copy, so you restore from a clean point instead of negotiating with the criminal.
How long does the copy stay immutable?
For the retention term you set. Several points in time are locked in parallel, which lets you recover from before the infection began, even if it went unnoticed for days.
Does immutable backup replace the other defenses?
No. It is the safety net that protects your recovery when the other layers fail. Detection, email and identity prevent the attack; immutability makes sure you can come back when an attack gets through.