AWS Partner Network (APN) Blog
AWS and Elastio deliver comprehensive ransomware resilience
By: Cecily Polonsky, Chief of Staff, GTM Strategy – Elastio
by: Stuart Lupton, Senior Specialist SA, Storage – AWS
by: Danny Johnston, Principal Storage Specialist – AWS
![]() |
| Elastio |
![]() |
As ransomware threats grow more advanced, organizations across industries are strengthening their recovery readiness alongside prevention. Forward-thinking teams recognize that a robust recovery capability is a strategic advantage, one that enables confident operations even in the most challenging cyber scenarios. By designing recovery strategies purpose-built for modern threats, organizations gain the ability to restore critical systems quickly and reliably, even when attacks move laterally across production, standby, and backup environments. The result is a resilient posture where recovery points remain trustworthy and teams stay in control.
That’s why leading organizations are building ransomware-aware recovery strategies and, crucially, maintaining continuous visibility into the integrity of their recovery points. Amazon Web Services (AWS) services, including AWS Backup and AWS Elastic Disaster Recovery, provide the foundation for scalable, resilient recovery architectures that address these modern threat scenarios. Alongside partner solutions such as the Elastio Ransomware Recovery Assurance Platform, these services bring ransomware intelligence and recovery validation into a unified approach to resilience.
In this post, we examine how to develop ransomware-aware recovery strategies that are tested, trusted, and ready for the current threat landscape. You’ll see how to use AWS services and Elastio’s ransomware intelligence to gain continuous visibility into what is protected, what is vulnerable, and what can be safely restored, giving your organization the ability to recover when it matters most.
Why ransomware demands a new approach to recovery
For over 70 years, data protection as a strategy has mainly consisted of a combination of:
- High availability – In case of a local hardware failure
- Business continuity or disaster recovery plan – For recovery in case of a threat event
- Backup – An independent copy of the data for restoration
These data protection mechanisms remain valid and critical but haven’t kept pace with ransomware evolution. Traditional strategies assume failures are contained within data centers and won’t travel across networks. Ransomware deliberately exploits lateral connectivity between production, standby, and protection systems to eliminate all recovery avenues post-attack. This evolving risk requires a recovery strategy purpose-built to disrupt ransomware’s lateral movement, one that adds a layer of protection designed to isolate, validate, and preserve clean recovery data when it matters most.
The following graphic illustrates these three operational data protection layers with a cloud-hosted vault as the fourth layer to prevent ransomware lateral movement.
Figure 1: Traditional data protection layers plus a cloud-hosted data vault
A fourth line of data protection – Cloud-hosted data vault
A solution that resilient organizations are adopting is a cloud-hosted data vault (CHDV). A CHDV is an environment that secures mission-critical data assets in an immutable, air-gapped vault so that if ransomware attacks occur, businesses have good copies for recovery. The financial services industry (FSI) has learned how critical its interconnected systems are, and what global consequences could result if those systems fail. In response, financial services have taken a leading role in advancing data vaulting and ransomware recovery strategies.
Regulatory bodies are also driving data vault adoption in financial services. The Hong Kong Monetary Authority (HKMA) released regulatory requirements for Secure Tertiary Data Backups, and New York Department for Financial Services (NYDFS) released requirements for backups that are protected from unauthorized alterations or destruction. In the UK, the Cross Market Operational Resilience Group (CMORG) developed a reference architecture for CHDVs.
AWS and its partners have met this regulatory shift to deliver solutions that build on existing data protection to enable data vault strategies anchored on three essential pillars: immutability, air-gapping, and integrity validation.
How to get started with data vaulting on AWS
AWS has data protection mechanisms within its AWS services portfolio that can be used independently to construct resilient data platforms as needed. AWS Backup centralizes these data protection services and features into one place, using backup policies and job reporting to automate and monitor an organization’s data protection strategy.
A feature of AWS Backup is the logically air-gapped vault. A logically air-gapped vault offers additional security features compared to a standard vault that are automatically applied at creation:
- Logically air-gapped vaults are automatically created with compliance mode enabled. Data stored in these vaults is immutable.
- An AWS owned key manages encryption of the data. AWS Key Management Service (AWS KMS) managed keys and customer managed keys are also supported.
- Restore-only copies of the backups can be shared using AWS Resource Access Manager (AWS RAM) for quick restores and testing.
For on-premises infrastructure and Amazon Elastic Compute Cloud (Amazon EC2) workloads that require near-zero Recovery Point Objectives (RPOs), Elastic Disaster Recovery provides a fast and reliable solution for ransomware recovery. It enables rapid failover by creating a cost-optimized staging area in AWS, allowing servers and applications to be restored within minutes from a designated recovery point.
AWS Backup and Elastic Disaster Recovery both provide robust tools to protect mission-critical data and applications in the event of a ransomware attack. But protection only works if the correct data and systems are included and, just as importantly, if the data that is stored is trustworthy. That’s why visibility into data integrity, actionable insights, and continuous validation are essential components of an effective ransomware resilience strategy.
Elastio Platform 360 Ransomware Resilience – Critical visibility into recovery integrity
For critical insights and visibility into recovery data, organizations are turning to the Elastio Ransomware Recovery Assurance Platform. Elastio is an AWS Partner that brings ransomware-specific intelligence into the recovery process. Elastio integrates directly with AWS Backup logically air-gapped vaults through restore testing and Elastic Disaster Recovery to deliver continuous data integrity validation and visibility into an organization’s recovery posture. In this way, the Elastio Platform addresses the integrity pillar of ransomware recovery.
With ransomware threats growing more evasive, attackers often move slowly and stealthily, encrypting data over time or staging attacks in dormant states. This type of behavior can quietly compromise recovery points, even if they are made immutable or air gapped. Elastio helps customers stay ahead of this risk by continuously validating backup and recovery data against hidden ransomware indicators, insider threats, and silent corruption. The result is a real-time understanding of the recoverability of mission-critical data—a key factor when recovery speed, regulatory compliance, and business continuity are at stake. These insights are delivered through Elastio Platform 360 Ransomware Resilience User Interface (UI), which gives AWS customers a centralized view of recovery health across five core areas:
- Recovery Assurance – Confirms the presence of clean, usable recovery points across all protected assets.
- Ransomware Safety – Detects ransomware behavior, before or after detonation.
- Encryption Safety – Flags unauthorized encryption activity, including slow, stealthy changes indicative of insider threats.
- Asset Coverage – Highlights unprotected systems or gaps in the current recovery plan.
- Storage Health – Evaluates backup configurations for alignment with best practices for resilience.
The following screenshot shows the Elastio Platform 360 Ransomware Resilience UI dashboard with recovery health metrics across these five core dimensions.
Figure 2: Elastio 360 Ransomware Resilience UI dashboard
Each dimension is scored and monitored over time, offering a quantifiable view of ransomware recovery health. This level of operational visibility is especially important as organizations look for provable recovery readiness. Elastio helps meet those expectations by making recovery posture measurable and continuously verifiable. Critically, Elastio’s insights do more than live inside a dashboard. They drive real, high-impact decisions. Infrastructure teams rely on Recovery Assurance data to flag backups that fall outside the defined RPO windows. Security teams act on Ransomware Safety alerts to detect early-stage threats, pinpoint the last known clean version of compromised assets, and accelerate incident response, ensuring recovery to a verified, uncompromised state. Meanwhile, compliance teams use Asset Coverage intelligence to identify gaps in protection, such as unvalidated workloads, and proactively adjust policies to close those risks.
Elastio also provides a Model Context Protocol (MCP) server, the Elastio MCP Server, giving teams the ability to connect large language models (LLMs) such as Anthropic’s Claude directly to Elastio and use plain English prompts to ask questions, summarize findings, and identify compliance and recovery gaps in real time.
This level of visibility transforms recovery from a reactive process into a proactive discipline. In high-stakes environments like financial services, where cyber insurers, regulators, and boards demand proof of resilience, Elastio helps enterprises answer the question: Can you recover safely?
Conclusion
The data protection landscape has evolved. Where recovery strategies once focused primarily on accidental loss or localized incidents, today’s organizations are building defenses that account for deliberate, targeted attacks. As the barrier to entry for threat actors continues to lower, the most resilient organizations are staying ahead by adopting recovery architectures that assume compromise and ensure rapid, validated restoration regardless of the attack vector. In this environment, visibility, insights, and actionable data are key to understanding what good looks like, and, more importantly, what bad looks like, so it can be corrected. Combining these insights with a validated, clean copy of the data not only gives organizations the ability to recover but also limits the impact on customers and third parties. Together, AWS and Elastio offer a modern, integrated approach to ransomware-aware recovery. From immutability and air-gapping to continuous integrity validation and recovery assurance, their combined capabilities form the foundation of a resilient recovery posture—one designed to restore data as well as trust, operations, and business continuity in the event of a cyberattack.
Elastio – AWS Partner Spotlight
Elastio is the control point for cyber resiliency—because survival depends on clean recoveries. The Elastio Platform continuously validates storage and backups, detects ransomware encryption, and ensures uncompromised recovery, even from zero-days. By bridging the gap between security tools and immutable storage, Elastio removes the risk of unrecoverable data.


