Article migrations and backups
Dawid Młynarski | 2026-03-10

Veeam Hardened Repository – What is it and how does it protect backups against ransomware in 2026?

Backups are like a fire extinguisher in an office – everyone knows they should be there, but few think about them on a daily basis. Until a fire breaks out.

In the world of cyberattacks, this "fire" has a specific name: ransomware, and it's spreading at breakneck speed. What was once an effective protection can now turn out to be an illusion of security. Why? Because cybercriminals have learned a new trick – they're no longer satisfied with encrypting your data. They're targeting your backup system directly.

A scenario that previously seemed impossible is becoming a harsh reality: attackers encrypt not only company data but also all backups. The company is left without a plan B. Without a solution.

The question is no longer "do we have backups?" but "will our backups survive the attack?"

What is Hardened Backup?

A hardened backup repository addresses this very problem. How can cybercriminals prevent encryption of a backup, even if they gain access?

Modern hardened backup solutions—such as Veeam Hardened Repository—use a combination of data immutability technology and advanced access control mechanisms. Let's take a look at how this works in practice.

Pillar One: Data Immutability

When configuring a hardened repository, the administrator specifies a minimum retention period for backup files—typically between 7 and 30 days. Data is then automatically locked using WORM (Write Once, Read Many) technology.

What does this mean in practice?

  • Files cannot be deleted before the retention period expires.
  • They cannot be modified or encrypted.
  • They cannot be moved to another location.
  • Files can be read and copied, enabling data recovery from a backup.

Pillar Two: One-Time Authentication

This is a unique security mechanism implemented by Veeam. It works like this:

  • Access credentials (login and password) are used only once – exclusively for installing Veeam components on a Linux server.
  • After installation, the system automatically switches to certificate-based authentication.
  • The original access credentials are not saved anywhere – they disappear forever.

This means that even if cybercriminals take control of the main Veeam Backup & Replication server, they will not find access data to the hardened repository there. Since Veeam 12, single-use credentials are required for all repositories with immutability enabled – the manufacturer has deemed this a sufficiently important security measure that it has become a mandatory standard.

Why does hardened backup matter to your business?

The statistics don't lie

Ransomware is no longer a problem for "someone out there" – it has become a statistical certainty. In 2025, 44% of all security breaches will be ransomware attacks, and the average cost of such an attack exceeds $2 million. It's not just about ransom—it's about downtime, lost customers, legal costs, and a damaged reputation.

Compliance and Regulatory Requirements

If your company operates in a regulated industry, hardened backup is not just good practice—it's often a legal requirement:

  • GDPR (General Data Protection Regulation)—requires data integrity and protection against unauthorized changes
  • HIPAA (Healthcare)—requires securing patient data with encryption and immutability
  • NIS2 (EU Directive)—requires regular, secure backups
  • Financial Industry (SEC, FINRA)—Veeam Hardened Repository meets compliance requirements

Penalties for a violation? Up to 4% of annual revenue in the case of GDPR. For a medium-sized company, this can amount to millions of zlotys.

Hardened Backup - an investment that pays off

Backups are the foundation of data security, but in the era of ransomware, traditional approaches are no longer sufficient. Veeam Hardened Repository offers what modern businesses need: a guarantee that data will survive even the most severe attack.

A hardened repository is a powerful tool, but its effectiveness depends on proper configuration and integration with your infrastructure. A retention period tailored to the RTO/RPO, correct immutability settings, recovery procedure testing, and integrity monitoring – these are the details that determine whether your protection will work in the event of an attack.

Online Support specializes in Veeam Hardened Repository implementations. Our team of certified experts will help you:

  • Assess your current security level
  • Plan and implement hardened backup
  • Ensure regulatory compliance
  • Test recovery procedures

Contact us to schedule a free consultation. Your data deserves the best protection.

Frequently Asked Questions (FAQ)

  • Can an administrator delete data from a Hardened Backup early?

    No. Even a person with the highest privileges (Root/Administrator) cannot delete or modify files locked by immutability before the specified time expires. This protects the company from insider attacks (e.g., a rogue employee).

  • Does Hardened Backup require specialized hardware?

    Not necessarily. A solution like Veeam Hardened Repository can be built on standard x86 servers running Linux (e.g., Ubuntu, Debian, RHEL). The key is the appropriate operating system configuration, not the specific server brand.

  • What is the optimal data retention period (lockdown period)?

    A standard retention period is 7 to 30 days. A shorter period may be insufficient to detect a ransomware attack, while a longer period can generate high costs for storing data that cannot be overwritten.

  • Does Hardened Backup protect against physical server destruction?

    Not directly. Immutability protects against logical deletion (hacker attack). To protect against fire or flooding in a server room, you should still follow the 3-2-1 rule, meaning you should keep one copy of your data off-site (e.g., in the cloud or another location).

  • How does Hardened Backup differ from a standard disk copy?

    The main difference is the impossibility of modification. In a standard backup, a hacker who gains access to the network can encrypt backup files just like production files. In Hardened Backup, files are "read-only" to the system, making them resistant to ransomware.

  • What happens after the retention period expires?

    Once the lock expires, files become "regular" files. The backup system can then delete them or overwrite them with new copies, according to a pre-defined rotation schedule.


Want to ensure your backups survive any attack? Our team of certified engineers will help you select the right infrastructure, configure Veeam Hardened Repository, and tailor your retention policy to your industry's requirements.

👉 Contact our Support Online experts

Dawid Młynarski - IT Specialist, Support Online
Related articles
Case study
| migrations and backups Case Study: Implementing Hardened Backup in Microsoft Azure. Read more
Article
| career Employee training and development in Support Online Read more
Article
| migrations and backups Veeam Hardened Repository – What is it and how does it protect backups against ransomware in 2026? Read more
Your IT.
our
support.
Contact us

The administrator of your personal data is Support Online sp. z o.o. Your personal data will be processed to respond to your inquiry and, if you consent, also to send the SOL newsletter. You can read about the detailed rules for personal data processing by our organization in our Privacy Policy.

FAQ
What does an IT company do? What IT solutions do we use at Support Online? When is it worth using an IT company? Why is it worth hiring an IT company rather than a freelance IT specialist? What are the advantages of working with IT Support Online?

An IT company, or IT firm, deals with information technology in a broad sense. This includes, among other things:

  1. Software design and development: An IT company can create custom applications for other companies or software products for the mass market. Depending on their specialization, these can include mobile applications, desktop applications, web applications, or embedded systems.
  2. Consulting services: An IT company often provides experts to advise on implementing new technologies, optimizing business processes, or selecting appropriate technological solutions.
  3. Cloud solutions: Many IT companies specialize in implementing and managing cloud solutions, such as data storage, application hosting, and data analysis platforms.
  4. IT security: Protection against cyberattacks, security audits, implementing security policies, and network monitoring are just some of the IT companies' responsibilities in this area.
  5. IT infrastructure management: In this area, a company may manage servers, databases, networks, and endpoints.
  6. Technical Support and Service: An IT company may provide support for its own products or general IT support for other companies, managing their technology on a daily basis.
  7. Training: Many IT providers also offer training in software use and secure technology use.
  8. Hardware Solutions: Some IT companies may also provide and configure computer, server, or network hardware.

Depending on their specialization and size, an IT company may offer one, several, or all of the above solutions. When choosing a provider, it's important to thoroughly understand their services and tailor them to your individual needs.

At Support Online, we have been supporting companies for years with

  1. comprehensive user support (both on-site and remotely),
  2. we service computers, phones, tablets, and related network issues,
  3. we specialize in server administration: Windows, Linux/Unix,
  4. we support virtualizers such as KVM, Hyper-V, VMWare, and Proxmox,
  5. we support cloud services, particularly solutions such as Azure, Microsoft 365, and AWS,
  6. we monitor servers and devices on the internet,
  7. we consult on development, DRP, and support the stability of your business in the IT layer.

If you're looking for a good IT company, Support Online is the right place to grow your business.

It's worth using an IT company like Support Online when:

  1. You plan to implement new technologies or software in your company.
  2. You need specialized technology consulting.
  3. You want to optimize existing IT processes.
  4. You struggle with digital security issues.
  5. You need support in managing your IT infrastructure.
  6. You lack internal resources or expertise to implement certain technology projects.

Using external IT experts can bring benefits in terms of saving time and resources, and ensuring high-quality solutions.

Hiring an IT company like Support Online offers several key benefits over an IT freelancer:

  1. Support from the entire team: An IT company has a full team of specialists, from DevOps specialists and Cyber ​​Security Specialists to IT Helpdesk Specialists, who possess diverse skills and experience, enabling faster problem resolution and the implementation of more complex projects.
  2. Reliability and stability: IT companies have an established reputation and track record, which can translate into greater reliability and stability of services.
  3. Maintenance and support: An IT company can offer service contracts, warranties, and after-sales support, which may be more difficult to obtain from an individual freelancer.
  4. Resources: Companies have access to more resources, tools, and technologies that can accelerate and improve project execution.
  5. Long-term availability: The risk of a freelancer disappearing or changing careers is greater than the risk of a well-established company going out of business.

However, it's worth noting that the choice between a company and a freelancer depends on your specific needs and situation. If you value peace of mind and a quick response to unexpected problems, it is worth choosing an IT company such as Support Online.

Partnering with IT Support Online offers the following advantages:

  1. Professional IT outsourcing: The company guarantees high-quality IT outsourcing services for businesses of all sizes.
  2. Comprehensive IT support: IT Support Online provides comprehensive IT support that meets the diverse needs of businesses.
  3. Saves time and money: With our support, clients can focus on their core business activities while reducing the costs associated with information technology management.
  4. Serving a diverse range of businesses: The company specializes in serving both small and medium-sized enterprises and large corporations, demonstrating its flexibility and ability to adapt to diverse client needs.
  5. Leadership in IT outsourcing: The company is recognized as a leader in IT outsourcing, particularly in the Poznań and Warsaw regions.

By partnering with our company, IT Support Online, businesses can count on a high standard of service and professionalism at every stage of the relationship.

Free consultation
22 335 28 00