4,000+
Organizations
Run On Files.com
SMBs through the Fortune 500 keep critical data on the platform — the same place an out-of-band copy lives, separate from your production stack.
Back Up The Cloud Buckets Ransomware Can Reach
Files.com keeps a clean, recoverable copy of your data off your production stack — including the S3, Azure Blob, Google Cloud, and Wasabi buckets your endpoint and server backup tools never touch. The copy is fed over a path with no inbound attack surface, retention-locked so a compromised credential cannot delete it, and restored to a point in time before the incident — not just whatever your last mirror copied.
Most teams plan ransomware on desktops and servers and leave their production cloud buckets unprotected. Files.com syncs one bucket into a separate versioned bucket the attacker cannot reach, on the cheap archive tier you already pay for, so the clean copy was never in the blast radius.
Backs up your cloud buckets
No inbound attack surface
No credit card to start
4,000 organizations rely on Files.com every day
Real companies. Real file flows. Real results.
The Platform Behind The Copy
This is the same Files.com that 4,000+ organizations already run for secure storage and file transfer — now the separate, audited place your recovery copy lives.
#1
Gartner Peer Insights
Ranked Vendor
The top-rated managed file transfer vendor in Gartner Peer Insights, and a Leader on G2 — the kind of control a recovery copy needs comes built in.
15 years
Zero breaches
In Production
Files.com has run as a managed cloud platform since 2010 with zero breaches the whole time. The copy you recover from should live somewhere with that kind of record.
8 regions
Data residency
Where The Copy Lives
Choose which of eight global data-residency zones the out-of-band copy sits in — far from the environment that gets compromised.
The Copy Nobody Is Making
Ransomware is something most teams plan for on desktops and servers. The same logic applies to server-side cloud storage — and almost no one is backing that up. A production Amazon S3, Azure Blob, Google Cloud, or Wasabi bucket can be encrypted, deleted, or corrupted by a stolen access key exactly like a file server can, and the endpoint-and-VM backup tools that protect the laptops never touch it. That is the blind spot, and it is the one this page is about.
The Setup We Recommend
Back up one cloud bucket into another — a separate, read-only, versioned bucket the production logins can’t reach. Files.com syncs the source in, and restores any point in time back out.
Your Bucket Is In The Blast Radius Too
A production S3, Azure Blob, Google Cloud, or Wasabi bucket can be encrypted, deleted, or corrupted by a stolen access key exactly like a file server can. The endpoint-and-VM backup tools that protect the laptops never touch it.
Sync The Source Into A Versioned Copy
Set up a second bucket with object versioning turned on, then have Files.com sync the source into it on a schedule. Because versioning is on, each run saves a new version instead of overwriting the last — so a sync that runs after an attack can’t wipe out the clean copy.
Restore To A Point In Time, Not The Last Mirror
A plain mirror just gives you back whatever the source looked like at the last sync — including the ransomware encryption, if it got there first. Restoring out of the versioned copy lets you go back to a known-good moment from before the attack.
Park It On The Cheap Tier You Already Pay For
The target is your own bucket, so it can sit on AWS archive or infrequent-access storage — cheaper than the dedicated capacity a backup appliance makes you buy. You are paying for object storage anyway.
How Files.com Does It
Things the platform already does, set up together to make a copy that lives off your production systems.
Nothing For An Attacker To Reach Into
When the source is on-prem, the Files.com Agent dials out over one outbound connection to feed the copy — no inbound firewall rule, no VPN, no open service for an intruder already inside the network to find and use. The network pushes the copy out of itself; there’s nothing for an attacker to connect to from the outside.
A Copy A Stolen Login Cannot Delete
On Enterprise, Support can turn on Archive-Only Mode for the copy: once a file is written, no one can change, overwrite, rename, or delete it — not even your own administrators, on any connection method. The mode can’t be turned back off, and that’s exactly what makes it hold up against an attacker who got inside your main systems.
A Copy That Lives Off Your Production Systems
A second NAS on the same network, mounted with the same logins, is in the blast radius — ransomware that reaches the file server reaches it too. From the on-prem side, the Files.com copy is reachable only over the outbound-only Agent, and it runs as separate, controlled infrastructure, not part of your production setup.
The Record You Need After An Incident
Every sync run and every access to the copy lands in an audit log no one can edit, kept for years and exportable to your SIEM. After an attack, that’s the difference between "we think the copy was clean" and a record that shows exactly what it held and who touched it.
Teams Running Governed, Audited Storage On Files.com
“I appreciate the platform’s strong security-first approach, granular permission model, and detailed audit logging, which make it easy to enforce least-privilege access and maintain compliance. The ability to manage users, roles, IP allowlisting, and automation independently across sites ensures clear isolation and reduces the risk of misconfiguration.”
Shravankumar Ligadi
Analyst, IT Access Management, Capillary Technologies
“The biggest challenge that Files.com helps us solve is keeping our file transfers secure. Files.com provides us with the ability to protect our files and gives us a secure feeling that we can keep everything safe. We rely most on the ability to keep our data encrypted while it’s stored at rest as well as in transmitting the data.”
Jim Rice
Senior Vice President of Technology Operations, Dash Solutions
Where This Fits Next To The Backup Tools You Run
A team thinking about ransomware is usually already running Veeam, Cohesity, or Rubrik, or eyeing a second NAS. Here is where Files.com fits next to each.
Alongside Veeam, Cohesity, And Rubrik
Those tools are great at backing up laptops, servers, and virtual machines — keep them for that. None of them back up your cloud buckets. Files.com fills the gap they leave: the production object storage that ransomware and a stolen login can reach, but that the machine-backup tools never copy.
Against A Second NAS In The Other Rack
A second NAS on the same network, mounted with the same logins, is in the blast radius. Ransomware that reaches the file server reaches any NAS it can mount, and a stolen admin login deletes both. The Files.com copy is reachable only over the outbound-only Agent and runs in a write-once mode a stolen login can’t undo. A different kind of protection, not just a cheaper NAS.
For The Cloud Storage Nobody Else Copies
The big backup tools grew up protecting machines, not cloud storage, so the data sitting in production S3, Azure, Google Cloud, and Wasabi buckets is mostly unprotected against ransomware and a stolen login. Files.com runs a Veeam-like process from one of those buckets into a separate, versioned, read-only bucket the attacker can’t reach.
The Copy That Survives The Attack
This isn’t the thing that rebuilds the whole datacenter — it’s the spare copy that was never in the blast radius. When ransomware, an insider, or a bad config takes down your main systems, you recover from a copy that lived somewhere the attack couldn’t follow.
The Copy The Big Backup Tools Don’t Make
Files.com backs up the cloud buckets — S3, Azure Blob, Google Cloud, Wasabi — that machine-backup tools never touch. Veeam, Cohesity, and Rubrik protect laptops, servers, and virtual machines; keep them for that. The production storage that ransomware and a stolen access key can reach is the copy they leave unmade — and that’s the copy Files.com makes.
Run Files.com as the spare copy for that storage: a separate, controlled, can’t-be-edited copy with nothing for an attacker to connect to, built from a platform your team may already run for partner exchange, compliance, or transfer. It’s the copy that survives the attack — restored to a point in time from before it happened, on the cheap archive tier you already pay for.
The Controls A Recovery Copy Needs
The place a clean copy lives should come with the audit log, identity, and compliance a production system was never built to guarantee.
Controlled, Audited, Durable
The copy is held off-site, with an audit log of every file action that no one can edit, kept for years, and AES-256 at rest with TLS in transit — the control a recovery copy needs, not a backup add-on.
Compliant Out Of The Box
SOC 2 Type II, PCI DSS, and CSA STAR, with a HIPAA BAA and GDPR DPA available. Used in production by banks, healthcare, and other regulated industries that have to keep a defensible copy of regulated data.
Enterprise Identity
SSO and SAML against Microsoft Entra ID, Okta, Active Directory, Google, OneLogin, and Auth0, with SCIM provisioning, nine permission levels, IP allowlisting, and password policies on who can reach the copy at all.
Support From People Who Know The Platform
Standing up the out-of-band copy — the sync, the versioned target, Archive-Only Mode — is the kind of thing you want a real engineer on the other end of.
An All-Engineer Support Desk
The people who answer the phone are engineers who know the platform, not a tier-one queue reading a script. Archive-Only Mode is enabled by Support — you reach someone who can stand up the immutable destination with you.
Onboarding Included
Get the source sync, the versioned target, and the retention-locked destination stood up fast. Strategic enterprise deployments get our onboarding people embedded as forward deployed engineers.
Documentation That Goes Deep
Thorough docs cover sync scheduling, Archive-Only Mode, child sites, and the Agent’s outbound-only connection — enough to plan the recovery posture before you build it.
Ransomware-Resilient Backup FAQ
What security and IT teams ask most when building a recovery copy on Files.com.
Keep A Copy That Was Never In The Blast Radius
Back up the production cloud buckets your other tools ignore into a separate, versioned, retention-locked copy on Files.com — restored to a point in time before the incident, on the cheap archive tier you already pay for. Stand up the sync and a versioned target during the free trial.
No credit card required • Free for 7 days • Live in minutes