What Is An Air-Gapped Backup?
Ransomware attackers don't just encrypt your live data — they go after your backups first. An air-gapped backup keeps a copy of your data completely offline and out of reach. Here's how it works and why your business needs one.
What Ransomware Attackers Do Before They Lock Your Data
Before a ransomware attack encrypts your live data and presents you with a demand, the attacker typically does something else first: they find your backups and destroy them. They stop backup jobs, delete existing backup sets, or encrypt the backup data itself. When you go to recover, there's nothing there.
This is why security experts increasingly recommend air-gapped backups as a non-negotiable part of any serious data protection strategy.
An air-gapped backup is a copy of your data that is kept completely offline — disconnected from your network and the internet. With no network path to it, a hacker or piece of ransomware has no way to reach it. It's also called an offline strategy, and it's one of the few backup approaches that can protect you from almost any ransomware variant.
What About Cloud Backups?
Cloud storage is valuable, but it isn't a true air-gapped backup. Cloud backups are accessible from the internet, which means a sufficiently motivated attacker can potentially reach them — especially if your cloud credentials are stored on a compromised server.
That doesn't mean cloud backups are worthless. Using a separate set of credentials for your cloud backup — credentials that aren't stored anywhere on your network — significantly reduces the risk. Many cloud providers also offer WORM storage (write-once, read-many), which locks data into a read-only state for a predetermined number of days, making it impossible to modify or delete during that window.
For clients running one of our Datto Siris devices, backups replicate nightly to two separate offsite cloud datacenters. The secondary copy is protected behind Datto's own authentication process and can only be accessed through validated support requests — adding another layer of separation even within the cloud environment.
Alternative: USB Drive Rotation
A straightforward and cost-effective air-gap approach is to replicate your backup data to an external USB hard drive, then physically disconnect it and store it in a secure location. It's a manual process, but it provides genuine offline protection.
To make this work properly:
- Refresh the drive at least weekly
- Use two drives in rotation — so when you're writing a new copy, you still have a recent previous copy available
- Store the offline drive away from the machines it's protecting (offsite is ideal)
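The rotation rules above can be enforced by the copy job itself. The following Python sketch is an added example, not part of the original article or any vendor's tooling; the `DRIVE_ID` label file on each drive, the state file kept on the backup host, and the function names are all assumptions made for illustration.

```python
import hashlib, json, shutil
from datetime import datetime, timedelta
from pathlib import Path

MAX_AGE = timedelta(days=7)  # "refresh the drive at least weekly"

def sha256_tree(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def refresh_drive(source: Path, drive: Path, state_file: Path, now: datetime) -> str:
    """Copy the backup set to the attached drive, enforcing two-drive rotation."""
    drive_id = (drive / "DRIVE_ID").read_text().strip()  # assumed label file
    state = json.loads(state_file.read_text()) if state_file.exists() else {}
    if state.get("last_drive") == drive_id:
        # Reusing the same drive would overwrite the only recent offline copy.
        raise RuntimeError(f"{drive_id} was used last time; attach the other drive")
    dest = drive / "backup"
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)
    manifest = sha256_tree(source)
    if sha256_tree(dest) != manifest:
        raise RuntimeError("verification failed: copy does not match source")
    # The manifest travels with the drive so a restore can be checked later.
    (drive / "manifest.json").write_text(json.dumps(manifest, indent=2))
    state.setdefault("refreshed", {})[drive_id] = now.isoformat()
    state["last_drive"] = drive_id
    state_file.write_text(json.dumps(state))
    return drive_id

def overdue(state_file: Path, now: datetime) -> bool:
    """True when no drive has been refreshed within the last week."""
    if not state_file.exists():
        return True
    times = list(json.loads(state_file.read_text()).get("refreshed", {}).values())
    return not times or now - max(map(datetime.fromisoformat, times)) > MAX_AGE
```

The script only covers the copy, verification and rotation checks; the drive still has to be physically disconnected and moved to its storage location after each run.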
Why This Matters Now
Ransomware attacks against small and mid-sized businesses have become routine. The playbook attackers use — find the backups, disable them, encrypt everything, demand payment — is well-documented and widely deployed. When it works, businesses are left with a stark choice: pay the ransom or lose the data.
An offline backup eliminates that leverage. Contact Dytech Group to discuss air-gapped backup options, business continuity planning, and how an offline strategy fits into your overall data protection approach.

