Syneto Syneto
Solution Brief · 2026

Ransomware Protection.

Immutable Recovery Points, Logical Air-Gap and Rapid Data Revival™ — the three Syneto pillars that have kept ransom-paid count at zero across 5,000+ deployments.

Companies
5,000+
Partners
250+
CSAT
98%
Bytes lost
$0
SYNETO  |  SOLUTION-BRIEF-RANSOMWARE-PROTECTION  |  SOLUTION BRIEF v1.0 EN-IT-ES
Solution Brief02
Legal imprint

About this document

Publisher

Syneto SpA

Via Cefalonia 70, Brescia 25124, Italy

VAT RO15999720 · REG J35/2971/2003

Contact: [email protected]

Phone: +39 051 095 3000

Web: https://syneto.eu

Offices

Italy (HQ) · Brescia

Romania · Timișoara

Spain · Madrid

Certifications

ISO 9001 — Quality Management

ISO/IEC 27001 — Information Security

Copyright & trademarks

© 2026 Syneto SpA. All rights reserved. "Syneto", the Syneto logo, "SynetoOS", "Syneto CENTRAL", "Hyperion", "HYPER Core", "HYPER Edge", and "HYPER Echo" are trademarks of Syneto SpA. All other trademarks are the property of their respective owners.

Document scope

Solution brief covering the Syneto ransomware-resilience architecture: how Immutable Recovery Points are kernel-enforced at the SyFS layer, how the Logical Air-Gap segregates the protection plane from production, and how Rapid Data Revival™ delivers sub-minute restoration of compromised VMs. Includes the kill-chain map, the defence-in-depth topology, an incident-response runbook timeline and a sample post-incident dashboard.

syneto.euPage 2 of 9
The problem03
Chapter 01 · The problem

The ransomware kill chain.

Modern ransomware operators target backups first. They know undeletable backups are rare, and they will spend weeks dormant in the network specifically to find and destroy them before encrypting production.

01

Phase 1 · Access

Phishing, RDP brute-force, supply-chain backdoor. Average detection lag: 11 days.

02

Phase 2 · Lateral

Privilege escalation, AD enumeration, mapping the backup repositories.

03

Phase 3 · Hunt backups

Veeam servers, NAS shares, tape catalogs identified. Tape robots disabled.

04

Phase 4 · Exfiltrate

Sensitive data staged for double-extortion leverage. TB-scale exfiltration over weeks.

05

Phase 5 · Detonate

Mass encryption fires across compromised hosts. Ransom note delivered.

The cost of paying ransom

Average 2025 ransom: €1.8M. Average recovery cost AFTER paying: €5.1M (only ~60% of data ever decrypted). Reputational and regulatory damage continues for years.

syneto.euPage 3 of 9
The Syneto approach04
Chapter 02 · The Syneto approach

Three pillars of resilience.

Ransoms paid
€0
Customers protected
5,000+
Years track record
18+
Avg revival time
<2 min
Immutable Recovery Points™ Kernel-enforced WORM at SyFS Logical Air-Gap Production has no write path to the vault Rapid Data Revival™ One-click VM boot from any Recovery Point sha-256 + TPM seal Pull-only replication SyFS clone-boot
The three Syneto pillars work as defence in depth — any one of them stops most attacks, all three together close the gap.
syneto.euPage 4 of 9
Architecture05
Chapter 03 · Architecture

Defence in depth, plane by plane.

restore boot Production tier HYPER Core · VMs SyFS · WORM commit Recovery Points Smart Replicator AES-256 + dedup Logical Air-Gap Pull-only fence HYPER Echo Vault Recovery plane · Rapid Data Revival™ Clean RP → SyFS clone-boot → DNS swap
Once an attacker is past production, they cannot reach the vault — the air-gap reverses the connection direction.
What the attacker controls (post-breach)
  • Domain admin credentials
  • Hypervisor management plane
  • SAN admin console
  • NAS shares + Veeam server
  • Tape robot scheduler
What the attacker still cannot touch
  • WORM Recovery Points on SyFS
  • HYPER Echo vault contents
  • CENTRAL audit trail
  • RPH-held datasets
  • Off-site replication stream
syneto.euPage 5 of 9
Incident response06
Chapter 04 · Incident response

What the first 60 minutes look like.

01

T+0 · Detect

SOC alert. SynetoOS audit log shows mass-delete attempt on production datasets. RPH auto-engages.

02

T+5m · Isolate

Production VLAN segmented. Hypervisor management API disabled. Air-gap to vault verified.

03

T+15m · Hold

CISO + IT lead place 90-day RPH on the latest pre-incident Recovery Point. 2-person integrity.

04

T+30m · Triage

Forensics clone of compromised VMs created in isolated VLAN for analysis. Production untouched.

05

T+60m · Revive

Clean Recovery Point boots directly from SyFS. ERP back online. Customer-facing services within RTO.

SynetoOS · Incident · 2026-04-12 14:23
14
Compromised VMs
847
RPs held
Sealed
Vault status
47 min
Time to revive
Incident timeline
14:23:01ERRAnomaly: mass delete on dataset hyper-prod/vm-erp-01
14:23:04OKRPH auto-engaged: 847 Recovery Points sealed
14:23:12WARNAir-gap policy verified: vault unreachable from production
14:25:00INFOProduction VLAN segmented (operator action)
14:33:00OK2-person RPH approved: 90-day hold on pre-incident set
15:10:00OKRapid Data Revival™: vm-erp-01 booted from RP 14:18:08
syneto.euPage 6 of 9
Outcomes07
Chapter 05 · Outcomes

What customers tell us.

After ransomware hit our parent company, we restarted clean Syneto Recovery Points to a vault appliance in 11 minutes. Forty-eight hours later we were back in production with zero data loss.IT Director, EU manufacturing group (10,000 employees)
RTO (worst case) Days to weeks <1 hour
Ransom paid 60% of breached orgs 0% of Syneto customers (18 yr)
Forensic evidence Lost or corrupted Held immutable for 90 days
Regulator response Days of preparation CENTRAL signed export in minutes
syneto.euPage 7 of 9
Support & contact08
Chapter 06 · Support & contact

About Syneto & next steps.

Syneto designs and manufactures the complete Hybrid Cloud Ecosystem — hypervisor, data management, data protection and disaster recovery in a single plug & play platform. Founded in 2008, headquartered in Brescia and Timișoara, serving 5,000+ European businesses.

5,000+
Companies served
250+
Channel partners
18+
Years building HCI
$0
Ransom ever paid
European engineering

Designed, built and supported in Europe. ISO 9001 and ISO/IEC 27001 certified operations.

Plug & play deployment

Production-ready in under 30 minutes. No multi-vendor integration, no professional services required.

Single-vendor support

One contract, one phone number, one SLA — for the entire stack. Local language support.

Zero ransom paid

Across 18+ years of customer deployments, no Syneto customer has ever paid ransom following a cyber incident.

Single-vendor support — one contract, one phone number, one SLA for the entire stack. Three response tiers, all delivered by Syneto engineers in your language.

PlanResponseCoverageWho it's for
EssentialNBD — 8×5Software + hardwareBranch offices, test & dev
Business4 h — 24×7Software + hardwareProduction workloads
Mission-Critical1 h — 24×7Software + hardware + TAMBusiness-critical sites, DR

Talk to Syneto

Customer Support Portal

support.syneto.eu

Help Center

help.syneto.eu

Syneto Academy

academy.syneto.eu

Partner Portal

partners.syneto.eu

syneto.euPage 8 of 9

Ready to simplify?.

Join 5,000+ European companies that trust Syneto.

Italy HQ
Via Cefalonia 70
Brescia 25124
Romania
Bastion Office
Timișoara 300054
Spain
Calle Antonio Arias 6
Madrid 28009
Web
syneto.eu
syneto.eu [email protected] +39 051 095 3000
SYNETO SPA · VAT RO15999720 · REG J35/2971/2003 · ISO 9001 · ISO/IEC 27001