Ransomware Attacks and Backup Failures
Ransomware attacks are becoming increasingly common, with the number of attacks rising by 50% last year, according to the Acronis Cyberthreats Report H2 2025. Many organizations still fall victim to these attacks even though they have backups. The reason is that backups are often exposed, accessible, and unprotected, which makes them a single point of failure.
In modern ransomware attacks, attackers deliberately target and destroy backup systems before launching encryption, making recovery impossible. This is a new and uncomfortable reality that IT and security professionals must confront. The traditional approach to backups, which positions them as the ultimate fallback in cybersecurity strategy, is no longer effective.
How Attackers Break Backup Strategies
Ransomware attacks typically follow a predictable sequence: initial access, credential theft, lateral movement, backup discovery, backup destruction, and ransomware deployment. To stop this chain, organizations need controls at each stage. For example, Acronis integrates endpoint protection, credential monitoring, and backup protection in one platform to detect threats before backups are compromised.
Attackers can enumerate backup servers and storage repositories, access backup consoles via stolen credentials, delete or encrypt backup files and snapshots, and disable backup agents and scheduled jobs. They can also modify retention policies to remove recovery points. Common techniques include deleting Volume Shadow Copies (VSS) on Windows systems, using legitimate admin tools, targeting hypervisor snapshots in virtual environments, and exploiting API access to cloud backup storage.
Protecting Backups from Ransomware
To protect backups from ransomware, organizations need to rethink their approach to backup and recovery. This includes enforcing identity separation, isolating backup environments, using immutable backups, monitoring backup activity, and testing recovery regularly. Immutable backups, in particular, are critical, as they prevent any changes or deletion for a defined period, ensuring a clean recovery point always exists.
Acronis Cyber Platform provides immutable storage with enforced retention policies and protection against credential misuse. Key characteristics of immutable backup include write-once, read-many (WORM) storage, time-based retention locks, protection against API and credential misuse, and enforcement at the storage layer.
5 Ways to Protect Backups from Ransomware
- Enforce identity separation: Use dedicated credentials and MFA
- Isolate backup environments: Segment networks and limit access
- Use immutable backups: Prevent deletion or modification
- Monitor backup activity: Detect abnormal behavior early
- Test recovery regularly: Ensure backups can be restored
By following these best practices, organizations can protect their backups from ransomware attacks and ensure business continuity. This requires a shift towards a resilience-first approach, where security and backup are integrated, and automated protection and recovery are prioritized.
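The "monitor backup activity" step, as an added example (not code from the original article or from any Acronis product): a Python detector that scans backup audit events for the tampering actions described earlier, namely shortened retention, disabled agents or jobs, and bursts of recovery-point deletions by one identity. The event schema, actor names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical schema (not a real product's log format).
EVENTS = [
    {"ts": "2025-03-01T02:00:00", "actor": "svc-backup", "action": "job_run"},
    {"ts": "2025-03-01T03:10:00", "actor": "admin-7", "action": "retention_change",
     "old_days": 30, "new_days": 1},
    {"ts": "2025-03-01T03:11:00", "actor": "admin-7", "action": "agent_disable"},
    {"ts": "2025-03-01T03:12:00", "actor": "admin-7", "action": "recovery_point_delete"},
    {"ts": "2025-03-01T03:13:00", "actor": "admin-7", "action": "recovery_point_delete"},
    {"ts": "2025-03-01T03:14:00", "actor": "admin-7", "action": "recovery_point_delete"},
    {"ts": "2025-03-01T09:00:00", "actor": "svc-backup", "action": "retention_change",
     "old_days": 30, "new_days": 60},
    {"ts": "2025-03-01T09:30:00", "actor": "ops-2", "action": "recovery_point_delete"},
]

WINDOW = timedelta(minutes=10)   # assumed burst window
DELETE_THRESHOLD = 3             # assumed deletions per actor per window

def detect(events):
    """Return (timestamp, actor, finding) tuples for backup-tampering signals."""
    alerts, deletes = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, actor, action = datetime.fromisoformat(ev["ts"]), ev["actor"], ev["action"]
        if action == "retention_change" and ev["new_days"] < ev["old_days"]:
            alerts.append((ev["ts"], actor, "retention_shortened"))
        elif action in ("agent_disable", "job_disable"):
            alerts.append((ev["ts"], actor, "protection_disabled"))
        elif action == "recovery_point_delete":
            # Keep only this actor's deletions that fall inside the sliding window.
            deletes[actor] = [t for t in deletes[actor] if ts - t <= WINDOW] + [ts]
            if len(deletes[actor]) == DELETE_THRESHOLD:
                alerts.append((ev["ts"], actor, "bulk_delete"))
    return alerts

def correlate(alerts, min_kinds=2):
    """Actors showing several distinct tampering signals, which warrants escalation."""
    kinds = defaultdict(set)
    for _, actor, finding in alerts:
        kinds[actor].add(finding)
    return sorted(a for a, k in kinds.items() if len(k) >= min_kinds)

if __name__ == "__main__":
    found = detect(EVENTS)
    for alert in found:
        print(alert)
    print("escalate:", correlate(found))
```

A lengthened retention period and a single deletion by another identity raise nothing; only the identity that combines several signals is returned for escalation.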
Building a Ransomware-Resilient Backup Strategy
The Acronis research is clear: to protect backups from ransomware, organizations need to move beyond traditional backup thinking and adopt a resilience-first approach. This includes integrating security and backup, automating protection and recovery, ensuring end-to-end visibility, and designing for attack scenarios.
A unified platform that combines backup, cybersecurity, and recovery management can detect threats before backup compromise occurs, protect backup infrastructure with the same rigor as production systems, and ensure recovery points remain intact and verified. Solutions like the Acronis Cyber Platform are designed around this integrated model, reducing complexity while improving resilience.
In conclusion, backups fail not because they are missing but because they are exposed. To ensure recovery in modern threat environments, organizations must rethink backup architecture with security at its core, embracing immutability, isolation, monitoring, and integration. By doing so, they can protect their backups from ransomware attacks and ensure business continuity.
Backups still play a critical role in ransomware defense, but only if they are designed to withstand active attacks.
Source: BleepingComputer