Anatomy of a ransomware attack – minute by minute

A Hungarian logistics company with 85 employees was hit by Royal ransomware in December 2024. It caused a three-day total outage, affecting 60 machines and servers. We take a minute-by-minute look at how it unfolded – and what ultimately protected the data.

The attack began at 02:14 on December 18, 2024, through an RDP port that had been carelessly left open. The attacker then progressed through the following timeline:

T+0 – Initial access

Brute-force attack on an admin account. The password policy was weak (12 characters, no MFA), and the login succeeded within 41 minutes.

T+2 hours – Reconnaissance

The attacker mapped the network with SoftPerfect Network Scanner and found 60 servers, 3 ESXi hosts, one SAN, and, crucially, a Veeam backup server with write access to the backup storage.

T+5 hours – Lateral movement

Using PsExec, the attacker accessed the Veeam backup server as an administrator. There he first deleted the backup repository configuration and then destroyed the files at the head of the backup chain: the classic "attack the backups first" strategy.

T+11 hours – Encryption

The ransomware was running on the file server and the SAN from 06:00 AM. The Royal variant encrypts files with AES-256 combined with ChaCha20. The morning shift was unable to log in.

T+3 days – Detection and negotiation

The company contacted a DFIR specialist firm. They found that the regular backup was unusable (the attacker had deleted it), there were no shadow copies (Royal deletes them by default), and the only usable copy was an 11-day-old tape backup, which meant partial data loss.
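As an added illustration, not code from the article or from any product it mentions, the detector below replays the three observable stages of the chain above over constructed Windows event records: RDP password guessing that ends in a successful type-10 logon, a PsExec service install on the backup server, and shadow-copy deletion. The host names, the source address and the 20-failures-per-hour threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in the shape a SIEM would hold them:
# (timestamp, host, windows_event_id, fields). Not real logs from the incident.
def _t(hhmm):
    return datetime.fromisoformat(f"2024-12-18T{hhmm}:00")

BACKUP_HOSTS = {"VEEAM01"}  # assumed name of the Veeam server; treat as a crown jewel
EVENTS = []
# 02:14-02:53: password guessing against the admin account over RDP (logon type 10)
for i in range(40):
    EVENTS.append((_t("02:14") + timedelta(minutes=i), "TS01", 4625,
                   {"user": "admin", "src": "203.0.113.9", "logon_type": 10}))
# 02:55: a guess succeeds, 41 minutes after the first failure
EVENTS.append((_t("02:55"), "TS01", 4624,
               {"user": "admin", "src": "203.0.113.9", "logon_type": 10}))
# 07:20: PsExec's service is installed on the backup server (System log 7045)
EVENTS.append((_t("07:20"), "VEEAM01", 7045, {"service": "PSEXESVC", "user": "admin"}))
# 07:40: shadow copies removed on the file server (process creation 4688)
EVENTS.append((_t("07:40"), "FS01", 4688,
               {"user": "admin", "cmd": "vssadmin delete shadows /all /quiet"}))

def detect(events, window=timedelta(hours=1), threshold=20):
    """Return (time, host, alert) tuples for the three stages: RDP brute force
    that ends in a success, PsExec on a backup host, and shadow-copy deletion."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of failed RDP logons
    for ts, host, eid, f in sorted(events, key=lambda e: e[0]):
        key = (f.get("src"), f.get("user"))
        if eid == 4625 and f.get("logon_type") == 10:
            failures[key].append(ts)
        elif eid == 4624 and f.get("logon_type") == 10:
            # Only a success that follows a burst of failures is interesting
            recent = [t for t in failures[key] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append((ts, host, f"rdp_bruteforce_success user={f['user']} "
                                         f"src={f['src']} failures={len(recent)}"))
        elif eid == 7045 and f.get("service", "").upper() == "PSEXESVC":
            sev = "critical" if host in BACKUP_HOSTS else "high"
            alerts.append((ts, host, f"psexec_service_install severity={sev} user={f['user']}"))
        elif eid == 4688:
            cmd = f.get("cmd", "").lower()
            if "vssadmin" in cmd and "delete" in cmd and "shadows" in cmd:
                alerts.append((ts, host, "shadow_copy_deletion"))
    return alerts

if __name__ == "__main__":
    for ts, host, msg in detect(EVENTS):
        print(ts.isoformat(), host, msg)
```

The point of the backup-host severity bump is the one the article makes: a PsExec session on the Veeam server is the moment the backup chain is about to be destroyed, so it deserves paging, not a queued ticket.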

The change: introduction of ViVeSec Box

The company deployed ViVeSec Box in January 2025. The architecture changed fundamentally: the backup chain is no longer managed by a traditional backup server but by the hardened appliance. Compromising Windows-side admin credentials does not give access to the immutable volumes of the ViVeSec Box (out-of-band management, RBAC, four-eyes principle).

The second test

The company re-enacted the attack chain in a red-team simulation exercise. The result: the attacker reached the Windows backup coordinator but could not modify the immutable storage of the ViVeSec Box. In an internal benchmark, Instant Recovery restored the operating systems in 47 minutes, without a single day of downtime.

The difference is not faster backups. The difference is that the attacker cannot delete them even after compromising everything on the Windows side.