We've mentioned this in passing before, but it deserves a post of its own, because it's the single nastiest thing about modern ransomware and the part most people don't see coming.
The old picture in everyone's head is simple: attackers lock your files, you shrug, you restore from backup, you carry on. That used to work. So the criminals adapted. Now, when ransomware lands, one of the first things it does is go looking for your backups, and lock or wipe those too. They know perfectly well that a business with a clean backup won't pay them. So they make sure you don't have one.
Why Ransomware Can Wipe Your Normal Backups
Most backups sit somewhere the attacker can reach. A drive plugged into the same computer. A folder on the office network. Cloud storage your systems are logged into automatically. All of that is convenient, and convenient for you means reachable for them. Once they're inside with the right access, anything your systems can write to, they can ruin.
So you end up with the worst of both worlds: you did the responsible thing and kept a backup, and it gets encrypted right alongside everything else. That's not a rare horror story. It's the standard playbook now.
The Fix: Immutable Backups
This is where one slightly technical word earns its place: immutable. It just means "can't be altered." An immutable backup is a copy that, once written, is locked for a set period, and during that window, nobody can change it, encrypt it, or delete it. Not you, not an admin, not an attacker holding your stolen password. The data is set in stone until the timer runs out.
That last part is the whole point. Even if a criminal gets into your systems with full control, they hit a wall at the immutable copy. They can rage at it all they like; it won't budge. When the dust settles, that untouched copy is sitting there waiting, exactly as you left it, ready to restore from.
You Probably Already Have Access to It
Here's the part that surprises people: this isn't exotic, enterprise-only kit anymore. A lot of mainstream backup services and cloud storage offer immutability as a setting. Sometimes it's a checkbox labelled something like "object lock" or "immutable storage." Sometimes it's baked into a backup product you might already be paying for.
The catch is that it's usually off by default, and most people never turn it on because they don't know to ask. So the data they think is protected is actually sitting wide open to exactly the attack it's meant to survive. The capability is there; it's just waiting for someone to switch it on.
How Immutable Backups Fit Your 3-2-1 Strategy
Remember the old 3-2-1 idea: three copies of your data, on two different kinds of media, with one of them kept away from everything else. Immutability is the modern upgrade to that "kept away" copy. It used to be enough to keep a backup offline or off-site so an attacker couldn't reach it physically. Now the cleanest version of that protection is a copy that's reachable but frozen, present and online, yet impossible to tamper with.
You don't need every backup to work this way. You need at least one that does, one copy an attacker absolutely cannot touch, no matter how deep they get. That single locked copy is often the whole difference between paying a ransom and politely declining.
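To make the retention-window idea concrete, here is a small vendor-neutral model of an immutable backup target, written for this post rather than taken from any product: writes are accepted, but overwrites and deletes are refused until the retention window has passed, whoever the caller is. The store, the day-number clock, the file name and the 30-day window are all constructed for illustration; `unlocked_copies` shows the kind of audit that catches a lock left at its default (off), and `simulate_tampering` shows what a caller with full write access can and cannot do to each copy.

```python
from dataclasses import dataclass, field
@dataclass
class BackupStore:
    """Toy WORM / object-lock target (constructed, vendor-neutral); time is a day number."""
    lock_days: int = 0  # 0 models the usual default: immutability switched off
    objects: dict = field(default_factory=dict)  # name -> (data, retain_until_day or None)

    def _check(self, name, today):
        entry = self.objects.get(name)
        if entry and entry[1] is not None and today < entry[1]:
            raise PermissionError(f"{name} is locked until day {entry[1]}")

    def put(self, name, data, today):
        self._check(name, today)  # an overwrite is a change, so it obeys the same rule
        self.objects[name] = (data, today + self.lock_days if self.lock_days else None)

    def delete(self, name, today):
        self._check(name, today)
        self.objects.pop(name, None)

def simulate_tampering(store, today):
    """Full write access: overwrite ("encrypt") then delete every copy; return the untouched ones."""
    survivors = []
    for name, (original, _) in list(store.objects.items()):
        try:
            store.put(name, b"ENCRYPTED", today)
            store.delete(name, today)
        except PermissionError:
            pass  # the lock held; nothing changed
        if name in store.objects and store.objects[name][0] == original:
            survivors.append(name)
    return survivors

def unlocked_copies(store, today):
    """Audit: copies with no retention set, or whose window has already expired."""
    return [n for n, (_, r) in store.objects.items() if r is None or r <= today]

def demo():
    """Constructed scenario: one store locked for 30 days, one left at the default."""
    locked, plain = BackupStore(lock_days=30), BackupStore()
    for store in (locked, plain):
        store.put("finance.bak", b"good copy", today=0)
    return {
        "audit_plain": unlocked_copies(plain, today=0),
        "survive_locked": simulate_tampering(locked, today=3),
        "survive_plain": simulate_tampering(plain, today=3),
        "survive_expired": simulate_tampering(locked, today=31),
    }
```

The last scenario is the caveat worth noticing: once the window expires the copy becomes ordinary again, so the retention period has to outlast the time it takes you to notice an incident and restore.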
Curious whether any of your current backups are actually immutable, or just assumed to be safe? It's a quick thing to check and an easy one to get wrong.
Book a 15-minute backup audit
No commitment, no upsell. Just a clear answer on whether that locked copy exists.