How does Cybee protect backups against ransomware?

hree complementary layers: (1) end-to-end encryption with client-held keys — exfiltrated data is worthless; (2) S3 Object Lock immutability — during retention, backups can be neither altered nor deleted, which is precisely what ransomware attempts before encrypting production; (3) least-privilege isolation per agent — one compromised server cannot reach the repositories of the rest of the fleet. The last clean restore point always survives, restorable at up to 3 TB/h

Through three complementary layers of protection. Modern ransomware targets backups first, to leave victims with no way out. Cybee’s architecture is built so that the last clean restore point always survives.

  1. Client-side encryption. Data is encrypted with AES-256 on your machines before transfer, with keys under your exclusive control. Exfiltrated backup data is cryptographically worthless to an attacker.
  2.  S3 Object Lock immutability. During the retention period, backups can be neither altered nor deleted — which is precisely what ransomware attempts before encrypting production.
  3.  Least-privilege isolation. Each agent holds permissions strictly limited to its own scope: a compromised server cannot read or destroy the repositories of the rest of your fleet.

When the worst happens, recovery is fast: parallelized cloud restores reach up to 3 TB/h under optimal conditions — a restart measured in hours, not days.