The backup the ransomware crew cannot touch.
Modern ransomware operators target backup repositories in the first hour of intrusion — before triggering the main payload. If your backup runs to a network share the attacker can reach, you have one backup. If it shares an authentication domain with production, you have one backup. The whedo.it default is Acronis Cyber Protect Cloud — immutable storage, separate identity boundary, Active Protection against the specific variants designed to delete backups, and monthly restore-testing so you know it actually works. Plus MDR overlay watching the backup repository itself for any tampering attempt.
Standard ransomware playbook in 2026: gain initial access through phishing or VPN, escalate privilege, enumerate backups, encrypt or delete the backups, then trigger the production payload. By the time you realise something is wrong, the backup is gone. 88% of SMB breaches in 2025 involved ransomware (Verizon DBIR). 60% of SMBs hit by serious incidents fail within six months.
Acronis Cyber Protect Cloud with 30-day immutable retention in Australian data centres. Backup repository on a separate identity domain — compromised admin credentials in production cannot reach the backup. Active Protection runs continuously against ransomware behaviour signatures; suspicious activity is blocked and rolled back. Backups cover servers, endpoints, and Microsoft 365 (Exchange, SharePoint, OneDrive, Teams) at granular restore level.
Monthly restore tests against a clean target — not a dashboard green-tick. Actual data, actual RTO, logged with timestamps. Acronis MDR SOC monitors the backup platform 24/7, flagging suspicious access, anomalous deletion patterns, and identity events. Disaster recovery capability available for environments where RTO requires failover, not restore. Annual full-DR drill with documented runbook.
Each of the six topics covers a layer of the security stack. They work together — phishing defence assumes good identity, identity assumes endpoint compliance, endpoint compliance assumes the tenant is locked down properly.
30 minutes, your environment, no deck. Warren walks the Acronis backup & MDR surface with you and tells you what it would take to lock it down properly. No follow-up unless you ask.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director