Acronis this week published a 2026 buyer’s guide for operational technology (OT) backup and recovery, and the message is blunt: if your factory still runs Windows XP or Windows 7 on the plant floor, your corporate backup tools are likely useless when ransomware hits. The vendor-authored report ranks Acronis Cyber Protect for OT ahead of Veeam, Rubrik, and Commvault for industrial environments, but the true value is a five-step checklist that every Windows admin with OT responsibilities should apply today.

The Legacy OS Time Bomb

Walk through any food processing plant, automotive assembly line, or water utility, and you’ll find computers running Windows XP Service Pack 1, Windows 7, or Windows Server 2003. These aren’t forgotten relics—they’re locked-down systems, often air-gapped from the internet, because the automation software they run was certified only for that specific OS version. Upgrading is rarely a simple matter of inserting a USB. It can require recertification of the entire production process with regulatory bodies, at a cost that can run into six figures. So the machines stay.

Acronis’s guide acknowledges this reality head-on. Cyber Protect for OT supports Windows XP SP1 and all later Windows client and server editions, including the often-forgotten Windows XP 64-bit edition sometimes found on engineering workstations. It also supports older Linux kernels common in embedded industrial controllers. Deployable in fully air-gapped setups, it doesn’t need a single packet to cross the facility’s perimeter. Backups, management, and recovery all happen locally.

What OT Backup Looks Like

The product’s feature set targets the exact pain points plant electricians face at 3 a.m. Image-based backups capture not just documents but the entire OS state—registry, drivers, installed applications—so restoring a corrupted human-machine interface (HMI) is a one-step process. File-level backup, typical of many IT tools, is near-useless when the operating system itself won’t boot.

Bare-metal recovery to dissimilar hardware is even more critical. Say the HMI computer is a Dell OptiPlex GX520 from 2005, and the spare is a newer HP with a different chipset. A standard recovery image would blue-screen because the storage controller or HAL is wrong. Acronis injects the necessary drivers during restore, allowing that two-decade-old application stack to boot on modern commodity hardware. And the “One-Click Recovery” workflow is built for maintenance technicians, not IT backup administrators—a crucial operational difference when the only person on shift is an electrician who knows the line but not Active Directory.

The Enterprise Backup Blind Spot

Your IT department likely uses Veeam Backup & Replication, Rubrik Security Cloud, or Commvault Cloud for servers and virtual machines. These platforms excel at protecting modern Windows Server, Linux VMs, and cloud workloads. But the plant floor is a different beast.

Veeam, for instance, requires an agent for physical Windows machines, and while it supports Windows XP, agents for such old OSes often lack features like application-aware processing and may demand a separate proxy server. Licensing often ties to a cloud-based management console, which can’t communicate with an air-gapped control network. Rubrik and Commvault are even more cloud-native, relying on centralized management and external authentication mechanisms that simply don’t exist in a segmented industrial network.

A real-world scenario: a Tier 1 automotive supplier in Ohio suffered a ransomware attack in 2025. The corporate IT team had Veeam ready to restore the factory’s SCADA server—until they realized the server ran Windows Server 2003 and was on a VLAN that didn’t allow inbound connections from the corporate LAN. Restoring the system required a site visit, booting from a CD found in a dusty drawer, and manually copying files over a USB drive. Production was down for four days. Acronis doesn’t name the supplier, but stories like this pepper industry conferences.

The guide doesn’t categorically dismiss Veeam, Rubrik, or Commvault. It acknowledges that for IT-adjacent OT systems—like a modern historian server running Windows Server 2019 in a DMZ—they are capable tools. The danger is assuming that what works in the data center will work on the plant floor without rigorous testing.

The Industrial Ransomware Surge

The stakes are not theoretical. In February, industrial cybersecurity firm Dragos reported that 119 ransomware groups affected 3,300 industrial organizations in 2025, a 49% jump from the year before. While headlines focus on nation-state attacks against PLCs, most incidents are financially motivated ransomware that merely encrypts Windows HMIs, engineering workstations, and batch servers. No PLC code is altered, yet production halts because operators are blind.

Recovery speed becomes paramount. A German chemical plant hit in early 2026 regained control of its distributed control system within hours because a dedicated OT backup system had just been installed. The Dragos data suggests that for every success, multiple organizations are still fumbling with misconfigured enterprise tools.

Security Monitoring Isn’t Recovery

Acronis’s guide also mentions Claroty, Nozomi Networks, and Armis. It correctly notes that these are not backup products. They detect anomalies on the network and identify vulnerable devices, but they don’t create system images. In the same way, Barracuda is cited as a corporate-side reference point for security, not as a plant-floor recovery platform.

This distinction matters because, after a ransomware incident, the priority shifts from “how did they get in?” to “how do we get back up?” The security monitoring tools answer the first question; a proper backup tool answers the second. Many plants have invested in more visibility but still lack tested recovery procedures.

Your 5-Step Action Plan

The guide’s most practical contribution is a checklist for Windows admins. Here’s how to apply it.

1. Inventory Every OT Windows Machine
Go beyond corporate asset management. Walk the floor, open each cabinet, and note the exact OS version, service pack, installed automation applications, and network configuration. You’ll likely find Windows XP Embedded thin clients, old panel PCs, and forgotten engineering laptops running Windows 7 that hold the only copy of a PLC program.

2. Test Bare-Metal Restore to Dissimilar Hardware
Acquire a spare industrial PC—not necessarily the same model. Restore a full image onto it, load the HMI application, and verify it communicates with a test PLC. Time how long the process takes and document it. If you can’t do it within the plant manager’s acceptable downtime, you’ve identified a gap.

3. Verify Complete Air-Gap Operation
Disconnect the backup server from all networks. Perform a backup to a locally attached USB drive, then run a restoration onto a target machine. If any step fails because of licensing that requires internet check-ins, cloud-based management, or missing drivers, the solution isn’t air-gap-ready. Many enterprise tools fail this test.

4. Empower the On-Site Team
During a 2 a.m. outage, the shift electrician should be able to start a recovery without calling IT. That means a one-click process, clear written instructions, and regular drills. Acronis’s One-Click Recovery is designed for this, but whatever solution you choose, the principle holds: the people closest to the machine must be able to restore it.

5. Augment Image Backups with OEM Configs
System images restore the Windows environment, but they don’t preserve the ladder logic currently running in the PLC or the network switch configuration. Keep separate, version-controlled backups of those using change-management tools. When a hardware failure takes out both the HMI and the PLC program, you’ll need both pieces.

What to Watch Next

Acronis’s guide is, by its own phrasing, a marketing document. It ranks its own product first, which an independent test might dispute. But the core argument holds: if your plant has Windows XP or any unsupported OS, your current enterprise backup strategy is likely insufficient. As industrial ransomware continues to rise—Dragos’s figures show no slowdown—regulatory bodies and insurers are starting to ask pointed questions about OT recovery testing. The guide provides a timely framework for answering them before an incident forces the issue.

For Windows admins, the mandate is clear. Engage with your facility’s control engineers, run that inventory, and schedule a restoration drill this quarter. Because the next ransomware group to target your factory won’t care about compatibility matrices—it will just encrypt the HMI and wait for your response.