Acronis published an analysis in May 2026 on a frustrating pattern: organisations get hit by ransomware, go to restore, and discover the backups are gone too. The reason is almost always architectural. Traditional backups can be modified or deleted, and backup systems routinely share the same domain, the same credentials and the same network as the hosts that just got compromised. Once the attacker owns the domain, they own the backups.
Modern ransomware operators know this and target backups deliberately and early — disabling, encrypting or deleting them before the main payload fires, specifically to remove your leverage. A backup that lives inside the blast radius isn’t insurance; it’s another thing to lose.
Immutability is the fix that holds: object-locked or write-once storage the production domain can’t alter, separate credentials, and ideally an offline or isolated copy. Then the part everyone skips — a monthly restore test, because a backup you’ve never restored is a hope, not a recovery plan.
