
Physical Air Gap
Ransomware Protection

Cloud Object Lock is software pretending to be a wall. A physical air gap is the wall. When ransomware protection matters, the gold copy belongs offline at Layer 1.

What it is

Physical Air Gap for Ransomware Protection

Short, declarative definitions to explain why Layer 1 disconnection is the most reliable ransomware defence.

01
Removing the cable, not just the permission

Layer 1 physical disconnect

A physical air gap means there is no electrical path between the storage hardware and any network. At Layer 1 of the OSI model, the cable is simply not connected. No IP address can be assigned, no port can be scanned, and no credential can bridge a gap that exists in copper and fibre rather than in software policy.

- No network interface when offline
- No IP, no listener, no API
- Out of band switching only

02
Gold copy that survives the incident

Physical separation at rest

Firevault Offline Secure Storage keeps your ransomware protection copy on hardware that is physically separated from every production system. While your estate is online and operational, the gold copy is offline. When a connection window is required, it is scheduled, identity verified and audited.

- Always offline by default
- Scheduled connection windows
- Tamper evident audit trail

Where cloud backup falls short

Why Immutable Cloud Backup Is Not Ransomware Proof

The failure modes ransomware operators exploit on the way to your cloud backups.

01
Object Lock and WORM are logical controls

Immutable does not mean unreachable

Cloud backup platforms advertise Object Lock, versioning and WORM as ransomware protection. These are logical controls on a network that remains connected. An attacker who reaches a privileged account can weaken, disable or wait out the policy. The data is still physically reachable.

- Reachable over the internet
- Defended by identity and policy
- Admin compromise defeats logic

02
Identity is the attack surface

Credential theft is the entry point

Modern ransomware operators do not brute force encryption. They phish, buy or steal credentials into cloud consoles. Once inside, backup APIs are the first target. Session tokens, service accounts and cross-account roles all provide a path to the immutable copy.

- Phished console access
- Session token theft
- Backup role escalation

03
Ransomware crews hunt backups first

Backup console targeting

Incident reports from NCSC, CISA and major cyber insurers show a consistent pattern: attackers identify backup infrastructure early, then disable or encrypt it before touching production. A reachable backup console is a single point of failure disguised as protection.

- Backup infrastructure mapped first
- Retention rewritten or poisoned
- Mass deletion before lock window

Why physical air gap wins

Layer 1 Disconnection Removes The Attacker's Prerequisite

Remote ransomware needs a reachable target. Firevault Offline Secure Storage removes the path before the playbook starts.

01
Remote ransomware needs a target

No reachable surface

Every remote ransomware playbook begins by reaching the victim. A physically disconnected Firevault disk has no NIC, no IP and no service to authenticate to. The attacker cannot scan what is not on the network, and cannot authenticate to hardware that is not listening.

- No NIC, no IP, no listener
- No credential to compromise
- Out of band switching only

02
Independent of identity systems

Privilege cannot reattach a cable

Logical immutability collapses when an attacker gains sufficient privilege. Physical disconnection does not depend on privilege at all. No domain admin, storage admin or cloud root account can connect hardware that is physically unplugged. The boundary is physics, not policy.

- No domain admin path
- No storage admin abuse
- Insider risk reduced to physical access

03
The gold copy that outlasts the attack

Survives the rest of your estate

Most organisations keep their existing cloud or immutable backup for fast operational recovery, and add Firevault as the always offline gold copy. When ransomware reaches the hot and warm tiers, the offline copy remains untouched, unchanged and verifiable.

- Layered alongside cloud backup
- Tamper evident audit trail
- Clean restore point of last resort

Physical Air Gap Ransomware Protection, Common Questions


Add an offline gold copy to your ransomware protection

Talk to the Firevault team about layering a physically disconnected gold copy alongside your existing cloud or immutable backup.

Takes about 2 minutes. No account needed.


    Firevault

    Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

    © 2026 Firevault Limited. Disconnect to Protect®