Ransomware took your backups too

Adrian Sullivan

You think your backups are your way out of a ransomware attack. That is the plan most boards have, and on paper it is the right one. The catch is that the same attack that encrypts production usually reaches the backups too. When that happens, the plan you were counting on is already gone.

Here is how it goes. The attacker gets in, sits quietly, and looks around. They map the network first. They find the backup server, the backup shares, the storage the nightly job writes to. If those backups are online and reachable from the same network as production, they sit inside the blast radius. When the encryption fires, it does not stop at your databases. It takes the copies you were going to restore from, in the same pass.

So the real question is not whether you take backups. You almost certainly do. The question is whether you hold a copy ransomware cannot touch. An offline copy, or an immutable one. Something that lives outside the reach of any account the attacker can compromise. If every copy you own sits on the same network, you do not have a backup strategy. You have a single target with extra steps.

Would it be a problem if the answer turned out to be no? If every backup you have is reachable from a machine an attacker could land on, then the demand note is not asking whether you will pay. It is telling you. The decision you thought you had, restore or pay, was quietly taken off the table weeks before the screen went red.

What would it actually take, today, to recover this business from a copy that nothing on your network can reach? If nobody can answer that with a straight face, that is the gap. It is cheap to close now and very expensive to discover at 2:39am with a ransom timer running.

We run a free, read-only check that looks at exactly this: whether your backups exist, whether they have been tested, and whether any copy is genuinely beyond the reach of an attack that owns your network. Fifteen minutes, no changes to anything, a graded plain-English report at the end. Find out now, while it is still a question and not a demand.
