The Best Offsite Backups for Ransomware Protection and Disaster Recovery

While computer backups once primarily provided protection against fairly rare but significant catastrophes, such as fires, floods and similar disasters, that’s no longer the case. Whereas backups have also always provided safeguards against data loss due to hardware failure and accidental corruption, it’s now more important than ever that your organization’s backups be protected against ransomware attacks and other cybersecurity threats that intentionally seek to corrupt recovery capabilities as well as live production systems and corresponding data.

Ransomware, malicious payloads that frequently masquerade as legitimate email attachments and links but actually infect systems and networks and lock computers and data by encrypting those resources until a ransom payment is made, is among the most egregious cyber threats facing businesses today. The criminals that program, distribute and leverage ransomware frequently target Windows servers, although other platforms can be infected, too. When these hackers infect systems, they also work diligently to encrypt an organization’s backups, as the ability to reach deeper into the victim’s network, systems and data, and corrupt the backups critical to recovering from such a disaster, further increases the likelihood the victim pays the ransom the miscreants seek.

To protect backups from ransomware, and to preserve backups’ integrity to ensure they’re available to assist recovering operations in the event of a ransomware attack, organizations should securely store backups offsite, remove regular file-level and shortcut-linked access to critical backups and use backup technologies specifically designed to protect against access and encryption by unauthorized parties.

Various software solutions, firewall filtering policies and other cybersecurity tools are available to assist. In addition to installing capable and centralized endpoint protection software, monitoring cybersecurity events and prioritizing security awareness training, businesses should ensure their backups can recover the company’s operations as required and are adequately protected from a ransomware event.

Making multiple backups and storing them in different locations is one strategy, while “air-gapping” (the practice of physically disconnecting backups from on-premises networks and systems) backups is another. Other approaches involve creating virtual machine snapshots and storing those images in safe locations, storing backups on hardened and encrypted storage in secure locations and limiting the accounts, networks and systems that can access backups.

Other options include entrusting a third party to assist with creating and protecting backups designed to safeguard data from ransomware infections and enable recovering operations quickly in the event a ransomware attack corrupts production systems. But before committing to a strategy, companies must first consider the backup strategy they seek to employ.

3-2-1 versus 3-2-1-1-0

The long-established 3-2-1 backup rule prescribes creating one primary backup and two copies. That’s where the “3” in 3-2-1 comes from. The “2” represents saving backups to two different types of media, a move that protects against a single media or hardware failure corrupting multiple backups. The “1” signifies the importance of keeping at least one backup safely off premises, which provides protection against corruption or loss in the event of a local disaster.

Still, if the offsite copy is connected to the network, a ransomware infection can still reach that backup and render it useless. As a result, a newer principle—the 3-2-1-1-0 golden backup rule—is replacing the former 3-2-1 best practice.

The 3-2-1-1-0 rule prescribes maintaining at least three copies of your data. That’s where the “3” comes from. The first copy is the primary data, while the next two sets are backups that should be stored on two different media, hence the “2”. The first “1” symbolizes the need to store at least one backup copy offsite, while the second “1” represents the need to store at least one backup offline in a manner possessing no network connection.

But what about the zero? The “0” represents the need to verify the backups being stored and confirm there are no—or zero—errors with the backups. Confirming there are no errors helps ensure the backup can actually recover operations, should the need arise.

Multiple solutions providers offer software and services to assist businesses in backing up data properly, moving copies off premises to better safeguard them and protecting backups from ransomware. Here are quick summaries for a half dozen of the best offsite backups for ransomware protection and disaster recovery.


Acronis Cyber Protect enables combining cybersecurity and data protections with the added option of Acronis cloud services to securely store backups offsite. The Acronis solution permits recovering backups to bare metal systems, should a disaster require, with the optional ability to restore backups to the Acronis Cloud and run critical operations software from there during a crisis. Once your company resolves the crisis using Acronis’ services, operations can later be migrated back to your firm’s own production servers.


Backblaze B2’s ransomware readiness and recovery solution adds additional cyber protection to online backups. The company’s Object Lock technology creates what it describes as a virtual air gap that protects backup data from corruption by malicious users. Backblaze’s Instant Recovery feature further enables businesses to recover operations immediately using the provider’s cloud services infrastructure when a disaster occurs.


A company known for its email filtering services, Barracuda also provides Barracuda Backup , which unlike many technologies does not store backup files to a network share. Instead, the backup data is inaccessible to other devices, which helps guard against ransomware corruption. The backup solution can protect data located on physical servers, in the cloud or within popular cloud services such as Microsoft 365’s SharePoint platform. A variety of recovery options are available, including restoring data housed within Barracuda Backup to on-premises VMware and Hyper-V environments or within the Barracuda Cloud. Various options and configurations are available, depending upon a business’ specific requirements and recovery point objectives, typically referred to as RPOs.


Datto offers several products designed to assist businesses in protecting their data and backups and recovering operations quickly when trouble does arise. The company’s offerings are sold and supported by managed service providers (MSPs).

The SIRIS solution is a business-continuity option for larger firms, while the ALTO alternative provides similar functionality for smaller businesses. ALTO backups are scanned for ransomware and the solution alerts administrators when a backup fails or ransomware is detected. SIRIS is designed to protect against ransomware disruptions, in part by creating immutable (unalterable) backups stored within the company’s Datto Cloud.

In addition to using immutable backups, the company further secures data from ransomware using two-factor authentication, Datto Cloud protections and its Cloud Deletion Defense technology, which permits recovering mistakenly or maliciously deleted cloud snapshots. The provider also offers Microsoft Azure data protection services and options for safeguarding and recovering software as a service (SaaS) applications.


More specialized but of importance to businesses of all sizes running Microsoft 365 Azure services, Microsoft Azure Backup is a centrally administered backup service and solution. The service helps protect from ransomware everything from on-premises servers to Azure-powered virtual machines and databases and file shares. Role-based access control, multiple user authorization controls, customer-managed keys, specially designed authentication layers, email alerting and backup deletion retention all assist guarding against ransomware attacks. Corresponding restoration services help ensure operations are restored quickly and cost effectively, should a disaster occur.


A backup and recovery provider specializing in protecting cloud, on-premises, SaaS and virtualized environments, Veeam also offers backup solutions specifically designed to protect against ransomware attacks. Whether the servers a business needs to protect are on-premises or in the cloud, the company’s scalable solutions include trusted immutability, backup verification, compliance with the 3-2-1-1-0 rule and instant recovery capabilities for occasions when trouble does arise. The company’s SureBackup technology runs multiple tests to ensure backups are malware free and recoverable and its Double-Play Immutability maintains two ultra-resilient backups. Businesses can also add Veeam One for proactive cybersecurity monitoring, reporting and alerting to further protect backups from ransomware corruption.

Ransomware Worries Keeping You Up At Night?

You’re not alone if worrying about ransomware and the impact a sudden corresponding outage could have on your business keeps you from sleeping. Ransomware is such an imposing threat that the US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) maintains numerous sites and resources to assist companies in preparing and protecting themselves.

If you have questions, need more information or seek assistance reviewing your cybersecurity plans or need help developing ransomware defenses, contact a Louisville Geek cybersecurity expert today. Call 502-897-7577 or email [email protected].