Loading...
BNM RMiT BCM · ISO 27001 · PDPA · NIST CSF Recover
Backup-as-a-Service Malaysia
Ransomware-resistant immutable backup hardware leased on a 36-month bundle. Quarterly restore drills, documented RTO/RPO, and a recovery runbook that survives a ransomware attack.
Ransomware Reality
Modern ransomware operators target backups first
The ransomware business model depends on the victim having no clean recovery path. Early ransomware groups encrypted files and demanded payment. Defenders responded with better backups. Ransomware operators adapted: before deploying encryption, they now spend days or weeks inside the victim network identifying and destroying backup infrastructure. The dwell-time-before-encryption pattern — observed in the majority of significant enterprise ransomware incidents since 2020 — exists specifically to eliminate the recovery option.
A Malaysian manufacturing company that was hit by ransomware in 2023 discovered that all three of its backup servers had been encrypted simultaneously — days before the production encryption event. Its IT team had been monitoring successful backup jobs for months without ever verifying that those jobs produced recoverable data. The company paid the ransom, which is the intended outcome of this attack pattern.
Immutable backup changes the attacker economics. If the backup data cannot be deleted or encrypted regardless of what credential is compromised, the attacker loses the ability to remove the recovery option. Ransomware still causes damage — production downtime while systems are restored — but the alternative to paying (restore from clean backup) becomes credible. For organisations with effective immutable backup, the expected ransomware recovery cost drops by an order of magnitude compared to organisations without it. Pair this with Endpoint-as-a-Service for detection before encryption and see the full managed security leasing overview.
Why Lease vs Buy
Backup hardware ages into a liability without managed refresh
Backup appliances are purchased, configured, and then largely ignored until a recovery event. Drive failures accumulate. Capacity fills up. Software versions fall behind supported ranges. Vendor support lapses. The organisation continues paying for backup software licences while the underlying hardware quietly becomes less reliable. When the ransomware event arrives — often years after the backup infrastructure was last reviewed — the equipment is old, the runbook is stale, and the restore time exceeds the documented RTO by a factor of three.
The lease model includes 24/7 backup-job monitoring (failed jobs alert the nCrypt team immediately, not the morning after), quarterly restore drills with attestation, and a hardware refresh at month 30. The organisation's backup infrastructure is in continuously maintained, tested, and documented condition for the full 36-month term.
For healthcare organisations, BNM-regulated entities, and government agencies, the quarterly attestation also provides the compliance evidence that auditors increasingly require — not just confirmation that backup jobs ran, but confirmation that backup jobs produced recoverable data within the documented RTO/RPO. See our overview of BNM RMiT BCM requirements and the OT-Security-as-a-Service bundle if your environment includes industrial control systems that also need recovery planning.
Frequently asked questions
What does "immutable backup" actually mean and why does it matter for ransomware?
An immutable backup is stored using WORM (Write Once Read Many) technology or S3 Object Lock, meaning the backup data cannot be modified or deleted by any user — including domain administrators — for a defined retention period. Modern ransomware operators are aware that backups prevent payment, so they specifically target backup infrastructure before deploying encryption. They compromise the backup admin account, delete or encrypt the backup data, and then deploy ransomware. Immutable storage defeats this strategy: even a compromised domain admin account cannot delete the backups. The ransomware operator encrypts production but the recovery path remains intact.
What is our Recovery Time Objective and how is it established?
RTO (Recovery Time Objective) is the maximum acceptable time to restore a system or application after an incident. It is established during onboarding through a business-impact analysis — we identify which systems are most critical, what the business cost of each hour of downtime is, and what the realistic restore time is given the data volume and network constraints. We then size the backup infrastructure to meet the agreed RTO and document it in the runbook. Typical RTOs we achieve: single VM restore in 15 minutes, application tier (application + database servers) in 1–2 hours, full site restore in 4–8 hours depending on data volume.
Why do you run quarterly restore drills and what do they involve?
Backups that are never tested are not backups — they are backup attempts. A backup job completing successfully does not guarantee that the data is restorable; backup corruption, restore-path misconfiguration, and licence expirations have all caused recovery failures at the worst possible moment. Quarterly restore drills involve actually restoring a cross-section of systems to an isolated environment and verifying the data integrity and application functionality. We document the drill — time taken, any failures observed, and any tuning actions — and provide an attestation report. This report serves as the backup-control evidence for BNM audits and ISO 27001 audits.
How does this map to BNM RMiT business continuity requirements?
BNM RMiT Section 8 addresses business continuity management, including recovery time and recovery point objectives for critical systems. Financial institutions are required to have documented BCPs and tested recovery capabilities. The backup-as-a-service bundle provides the technical recovery infrastructure (immutable backup appliance), the operational runbook (documented recovery procedures), and the quarterly tested attestation that regulators expect to see. nCrypt attends BNM audit sessions as the technical operator to explain the recovery architecture and present the drill attestations.
Does the backup cover Microsoft 365 and other SaaS data?
Yes. Microsoft 365 backup (Exchange, SharePoint, OneDrive, Teams) is available via Veeam Backup for Microsoft 365, sized into the bundle. Salesforce backup, Google Workspace backup, and other SaaS platforms are supported on Mid-Market and Enterprise tiers. Microsoft's own retention and recycle bin features are not a backup — they have limited retention windows and do not protect against malicious deletion by a compromised admin account. A dedicated backup job to an immutable target closes this gap.
What is the difference between an air-gap and immutability, and do I need both?
Immutability (WORM/Object Lock) prevents modification or deletion of existing backup data by any user, including administrators. An air-gap physically or logically disconnects the backup media from the network, so ransomware that cannot enumerate the backup target cannot reach it at all. Both defend against ransomware but at different layers. Enterprise configurations include both: the primary immutable tier on-prem (deletions blocked by policy) and an immutable cloud tier with logical air-gap (the backup software has write credentials; nothing else does). For most SMB and Mid-Market organisations, immutability alone is sufficient and significantly more cost-effective than a physical air-gap.
Hardware-as-a-Service · 36-month bundle
Immutable backups against ransomware. From RM3,000/month.
Veeam Hardened Repository or Rubrik appliance — immutable, air-gapped, ransomware-recovery-ready. Tested quarterly with documented RTO/RPO.
What's included in the bundle
Hardened backup appliance with immutability (S3 Object Lock / WORM)
Initial backup policy + retention schedule
Quarterly restore drill with attestation report
Documented cyber-recovery runbook
24/7 backup-failure monitoring
Hardware refresh at month 30
Who this is for
- ✓Any organisation that has seen a ransomware incident (or wants not to)
- ✓Healthcare with regulatory retention requirements
- ✓Manufacturing with OT systems that cannot tolerate downtime
- ✓SMEs without dedicated backup operations
Deployment timeline
Week 1
Inventory, RTO/RPO discovery, retention policy design
Week 2
Appliance install, initial seeding (full backups)
Week 3-4
Restore validation, runbook delivery
Ongoing
24/7 monitoring, monthly health reviews, quarterly restore drills
Sample bundles by company size
SMB
RM 3,000 – 5,500 / month
Single appliance, 20-50 TB usable, single site
MidMarket
RM 5,500 – 12,000 / month
Primary + DR pair, 100-300 TB, replication
Enterprise
RM 12,000 – 30,000+ / month
Multi-region, 500 TB+, immutable cloud tier, air-gap vault
Aligned to your regulatory obligations
BNM RMiTISO 27001PDPANIST CSF — Recover
Frequently asked questions
Need a one-off engagement instead of a leased bundle?
See our consulting service →Get a Backup leasing quote
Share your user count, locations, and current stack. We'll respond within 24 hours.
Ready to size Backup for your environment?
Three minutes in the calculator. A precise quote emailed within 24 hours.
Financing available via our partner financial institutions. Indicative monthly figures based on standard 36-month terms; final pricing subject to credit assessment and signed master service agreement.