Why traditional backups fail during ransomware attacks
Ransomware attacks today are fundamentally different from those of just a few years ago. What used to be relatively simple malware that encrypted files and demanded a ransom has evolved into complex, coordinated attacks. Attackers often remain undetected in systems for weeks before striking. And when they do, even the backups often turn out to be compromised.
Many organizations still rely blindly on their backup solution as a safety net. But what happens when that safety net suddenly fails? What if your backups are encrypted, deleted, or rendered useless at the exact moment you need them most? The hard truth is that traditional backup strategies are no match for this new generation of ransomware.
Ransomware 2.0: why this changes everything
Today’s attacks are highly refined. Cybercriminals no longer just target production data. They deliberately go after backup software, systems, and restore points. Networks are monitored quietly for weeks, and once the attack is launched, everything you were counting on for recovery may already be infected or gone.
What makes this even more dangerous is that many backups are still directly connected to the network, making them just as vulnerable as the systems they’re meant to protect. Cloud solutions may offer scalability, but are often only logically separated—not physically. That makes them vulnerable to attacks from within.
Why many backups fail when it matters most
A worrying trend is that attackers know exactly where to strike. They delete restore points, encrypt snapshots, and disable cloud backups. If your backup is accessible via the network, it’s only a matter of time before it becomes a target too. In that scenario, your organization doesn’t suffer one loss—but two.
Immutability and air gapping: your last line of defense
Against this vulnerability stand two essential principles for today’s backup strategy: immutability and air gapping. Immutability ensures that once data is written, it cannot be changed or deleted—not by an administrator, and not by an attacker. Air gapping ensures that your backup is physically or logically separated from the network, making it unreachable for attackers. Together, they allow you to restore from a clean, untouched recovery point, even if your entire infrastructure is compromised.
What recent incidents teach us
A quick online search reveals countless organizations that have fallen victim to ransomware in recent years. In most of these cases, backups were present—but not immune—leading to days or even weeks of downtime and enormous financial impact.
The contrast with organizations that use physical air gaps and hardware-based immutability is striking. One example is the University Hospital in Düsseldorf, which, despite a large-scale ransomware attack, was able to retain access to 400 TB of patient data. Thanks to hardware WORM (Write Once, Read Many) technology, the data remained available and unalterable—an essential factor in ensuring continuity of care.
The lesson? Backups are only a safety net if they are immune to tampering. In this case, that safety net was even reinforced by an immutable archive. Data classification, immutability, and physical separation make the difference between loss and resilience.
The strategic questions you should be asking now
Instead of asking “do we have backups?”, organizations should be asking: how reliable are our backups under pressure? Is the backup data truly isolated from production systems? Are our recovery points immutable? And how fast can we really get back online if disaster strikes?
Zero Loss starts with smart storage choices
Organizations serious about cyber resilience need to invest not just in backup software, but in the right storage architecture. Solutions that store backups immutably, provide air gap protection, and enable near-instant recovery are no longer optional. They are essential.
And that’s where Zero Loss comes in. Not as an empty promise, but as a practical starting point for modern IT strategies. Because in a world where downtime is no longer acceptable, the question is not if you’ll be attacked—but when. The real question is: will you be ready?