Tip #13: Make Sure Your Backups Can’t Be Deleted – Even by a Hacker

May 13, 2026

Modern ransomware attacks are designed specifically to destroy backups before encrypting your files. If your backups can be deleted, they can be weaponized against you.

What to do:

  • Ask your IT provider if your backups are immutable, meaning they cannot be altered or deleted by anyone, even an administrator, during the retention period.
  • Confirm backups are stored outside your main network, such as in a separate cloud environment, an offline copy, or both.
  • Follow the 3-2-1 rule: three copies of your data, on two different types of storage, with one copy stored offsite.

Common mistake: An attacker quietly gains access to a business network weeks before doing any visible damage. During that time, they locate the backup system, connect to it using stolen admin credentials, and silently delete months of backups. When the encryption hits, the business opens the backup console and finds nothing there.

A backup that can be changed or deleted by an attacker is not a recovery plan. It’s just another target.

Immutable backups store copies in a protected state that cannot be modified or deleted for a defined period, even by an account with full admin rights. It is a technical configuration that can completely change the recovery outcome.

How to know it’s done:

  • Your backups are stored in a location not accessible from your primary network.
  • Your IT provider confirms backups are write-protected or immutable for a defined retention period.
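
The checks above can be run mechanically against an inventory of where each copy of the data lives. The following is an added example, not part of the original tip or of any backup product: the `Copy` fields, the `audit` function and the sample inventory are constructed for illustration, and the inventory is assumed to list the production data together with its backups.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Copy:
    name: str
    media: str                    # storage type, e.g. "server-disk", "nas", "cloud-object"
    offsite: bool                 # kept away from the primary site
    on_primary_network: bool      # reachable from the main business network
    locked_until: Optional[date]  # end of the immutability window; None = not immutable
    is_backup: bool = True        # False for the live production data


def audit(copies: List[Copy], today: date) -> List[str]:
    """Return findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies sit on one type of storage")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    backups = [c for c in copies if c.is_backup]
    if not any(not c.on_primary_network for c in backups):
        findings.append("no backup is stored outside the primary network")
    for c in backups:
        # A lock only protects the copy while the retention window is still open.
        locked = c.locked_until is not None and c.locked_until > today
        if not locked:
            state = "lock expired" if c.locked_until else "not immutable"
            findings.append(f"{c.name}: {state}, deletable with admin credentials")
    return findings


# Constructed inventory for a small office (not real data).
TODAY = date(2026, 5, 13)
INVENTORY = [
    Copy("file-server", "server-disk", False, True, None, is_backup=False),
    Copy("office-nas", "nas", False, True, None),
    Copy("cloud-vault", "cloud-object", True, False, date(2026, 8, 11)),
]

if __name__ == "__main__":
    for line in audit(INVENTORY, TODAY) or ["all checks passed"]:
        print(line)
```

The sample inventory satisfies 3-2-1 yet still reports the on-network NAS, which is the copy an attacker with stolen admin credentials would delete first.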