Oxibox and the Next Chapter of Backup Security

What if your backup, the very thing you rely on to recover from a cyberattack, was the first target that criminals went after? That is the uncomfortable reality many organisations now face, and it is the gap a French company called Oxibox has set out to close.

At the recent IT Press Tour in Amsterdam, Oxibox shared how they began life in 2014 as an R&D project, officially forming as a company in 2018. Co-founder and CEO François Esnol-Feugeas, together with Jérôme Clodion and Alexandre Nossent, built the firm around a disruptive but straightforward premise: backup software should be security software.

The company has stayed small and independent, with around 15 staff spread across France, headquartered near Paris. It bootstrapped its way through the early years, became profitable, and even during the turbulence of COVID kept going with support from French and EU innovation grants. More recently, Oxibox attracted business angel investment, including from the founder of one of France’s most prominent cyber companies, and is now preparing for a larger fundraising round.

Why Backups Became the First Target

The story begins with a shift in attacker behaviour. A decade ago, ransomware was focused on encrypting production systems. Today, backups are in the crosshairs. Attackers know that if backups are destroyed or encrypted, victims have little choice but to pay.

Backups also offer a treasure map: they often contain catalogues of all systems in the company, sensitive personal information, or even copies of contracts with ransom coverage clauses. They can be used to spread malware further inside the network, or exfiltrated and sold on.

Traditional tools such as immutable backups or tape libraries exist, but they come with high costs, lock-in, or fragile operational processes. As François put it in Amsterdam, the industry needed a more straightforward, software-based way to disconnect and secure backups.

The Oxibox Approach

Oxibox’s technology is built around the idea of secure-by-design, secure-by-default backups. There are two key pillars:

  1. Oxibox UDP (Universal Data Protection) – a filesystem with built-in behaviour analysis. It recognises the tell-tale patterns of legitimate backup software and blocks anything that looks suspicious, even if it comes from an administrator account. Trained using AI models but shipped as fixed rules, it acts like a firewall at the filesystem level. This ensures ransomware cannot silently overwrite or corrupt backups.

  2. Oxibox Plug-and-Protect – a turnkey backup solution that layers on top of UDP. It encrypts data at the source, deduplicates across multiple systems, and supports a wide range of environments from endpoints to VMware clusters to Microsoft 365. It offers both speed and flexibility: file-based backups that can be used to reconstruct full system images.

The result is what Oxibox calls “disconnected backups.” In practice, this means air-gapped, encrypted backups deployable in as little as 30 minutes, even for small and mid-sized businesses. Organisations can retreat into secure enclaves, ensuring recovery happens in a clean environment without reinfecting compromised systems.

The company has already seen its technology tested in the wild. In one case, a customer using Veeam backups suffered a Dharma ransomware attack. All Veeam backups were encrypted and unusable, but Oxibox’s backups, deployed just days earlier, remained intact. The customer was back online in hours.

This distinction matters in the mid-market, where MSPs and MSSPs often lack the resources to deploy the most complex configurations securely. Oxibox is designed to give them a straightforward way to provide cyber-resilient backups without the overhead of tape management, immutable object stores, or complex hardware.

Growth, Partnerships, and Market Fit

Oxibox has quietly built traction. It counts more than 6,000 end customers, including over 4,000 public entities, and has deployments across 20 countries through a network of around 40 partners. French cybersecurity leaders such as Docaposte have adopted it as their exclusive secure backup partner.

In 2024, Oxibox signed a pan-European distribution deal with EET and is now preparing a second distributor with a stronger cybersecurity focus. Its go-to-market remains entirely B2B2B, targeting resellers, MSPs, and MSSPs, but end-customers are increasingly aware of the brand as well.

Pricing is straightforward: charged per terabyte of destination backup volume, with no license caps. Entry-level software starts at around €29 per month, cloud services from €79, and appliance deployments from €39.

Why It Matters

The bigger story here is that backups are no longer just an IT hygiene practice. They are a frontline of cybersecurity. As François said, you can block 99% of threats, but you still need a way to restart when you fall into the unlucky 1%.

Oxibox is not trying to be everything. It does not market itself as an EDR or a DLP. It does one thing—backup security—but does it in a way that recognises how ransomware has evolved. By combining air-gapping, encryption, behavioural analysis, and simplicity, it offers organisations a way to make sure that backups are actually there when they are needed most.

The Road Ahead

The roadmap is measured but ambitious:

  • Expanding international presence with new distributors.

  • Launching a broader cyber-resilience platform.

  • Increasing performance to 100 Gbps backup and restore speeds.

  • Offering first-class support for platforms such as Proxmox and Nutanix.

Its story shows how backup, often the least glamorous corner of IT, is being reimagined as a core part of cyber-resilience.

Over to You

I’ll be sitting down with ExaGrid for an upcoming podcast to dig deeper into this journey. What questions would you like me to put to them? Share your thoughts, and I’ll take them straight into the conversation.