By The Most Secure Man Alive | WISECLICK Ambassador
I hear it often.
"We have a backup."
It is said with the quiet confidence of someone who has ticked the box. And I understand. A backup feels like the responsible thing — the insurance policy, the safety net, the plan B.
Here is what I've noticed, though: most backups are designed for accidents — deleted files, a broken laptop. Ransomware is a different kind of problem.
When a backup fails against it, that is not because the person was careless. It is because nobody explained the difference between a copy and a recovery.
What Most People Think "Backup" Means
A backup, in most people's minds, is a copy of their files. Something they can retrieve if they accidentally delete a document, or if their laptop dies.
That kind of backup is useful. For exactly that kind of problem.
Ransomware is software that finds every file it can reach, encrypts them so they cannot be opened, and then presents you with a demand. The attacker asks for payment to restore access.
Here is the part that changes the conversation: ransomware does not stop at your files. It looks for your backups. If your backup is stored on the same machine, the same drive, or the same cloud account that the malware has already reached — it encrypts that too.
By the time you know something's wrong, an unprepared backup may already be unreachable.
Most breaches are not sophisticated. They're simply unattended.
Why Backups Are Targeted First
Modern ransomware operators are not in a hurry. They move quietly through a network for days — sometimes weeks — before they announce themselves.
During that time, they map everything: your files, your folders, your cloud storage, your backup drives. By the time ransomware becomes visible, it has usually already looked for connected backups.
This is why the location of your backup matters as much as the backup itself.
A backup stored on an external hard drive that sits next to your computer — reached. A backup on a cloud account you access from the same machine — reached. A backup that requires the attacker to get past a separate, independent system with its own access controls — that is a different conversation entirely.
What "Bare Metal Backup" Actually Means
A bare metal backup does not just copy your files. It copies everything — the operating system, the applications, the settings, the entire machine as it exists right now.
If ransomware hits, a bare metal restore brings everything back as it was. Not just your documents. The machine itself. Hours of recovery time instead of days — or worse, the realisation that recovery is not possible at all.
The term "immutable" matters here. An immutable backup cannot be altered or deleted, even by someone who has full administrator access to your business systems. It sits in a separate environment that the ransomware — and the attacker controlling it — simply cannot reach.
That is what a backup is supposed to do.
The Conversation That Started This
A small business owner I know told me she had a backup. External drive, plugged in every night. Felt sorted.
I asked where the drive was during business hours.
Plugged in. Always. "It's easier that way."
I explained bare metal backup. Offsite storage. Immutability. The way a real recovery works.
She paused.
"That sounds surprisingly reasonable."
That response is usually the moment the conversation changes.
The WISECLICK Cyber Core membership includes automatic bare metal backup — encrypted, offsite, immutable. Stored in a location that is entirely separate from your business systems, and inaccessible to anyone who compromises them.
It also includes CrowdStrike Falcon EDR endpoint protection — the same technology used by major Australian enterprises — and access to the full WISECLICK member portal, including the Essential 8 guide series and the Cyber Toolkit — 29 plain-English guides covering everything from password managers to securing your business Wi-Fi.
That's endpoint protection, bare metal backup, and the complete Essential 8 toolkit — for less than a tank of petrol a month.
From $59 a month.
If you'd like to know where your business stands before committing to anything, the Essential 8 Gap Assessment shows you exactly that — in thirty minutes, in plain English.
Get your Essential 8 score — 30 minutes, $149
Three Questions Worth Asking About Your Current Backup
- Is it stored separately from your main systems? If your backup can be reached from the same machine or account that holds your files, it is not protected from ransomware.
- Is it immutable? Can someone — or something — with access to your systems alter or delete it? If yes, it is not a recovery-grade backup.
- Have you ever actually restored from it? A backup that has never been tested is a hypothesis, not a guarantee.
If any of those answers give you pause, that is useful information.
Where to Start
Backups are one of the eight controls in the Australian Signals Directorate's Essential 8 — the government's own checklist for protecting Australian businesses.
If you want to know where your business stands against all eight, the Essential 8 Gap Assessment gives you a clear picture in thirty minutes. Your maturity level. Your gaps. Your quick wins. Written in plain English, without the jargon.
Your business deserves better than hoping for the best. Stay protected, my friends.
— The Most Secure Man Alive
Frequently Asked Questions
What is the difference between a regular backup and a bare metal backup?
A regular backup copies your files. A bare metal backup copies your entire machine — the operating system, applications, settings, and all your data. If a disaster strikes, a bare metal restore brings everything back as it was, not just your documents.
Can ransomware encrypt cloud backups?
It can, if the cloud account is accessible from an infected machine. Attackers look for every connected storage location. A backup stored in a separate, independently controlled environment — with immutability settings enabled — is the kind that survives.
What does "immutable backup" mean?
Immutable means it cannot be changed or deleted, even by someone with full administrator access. The backup exists in a state that malware — and the people controlling it — cannot alter.
Is backup part of the Essential 8?
Yes. Regular backups are one of the eight controls in the Australian Signals Directorate's Essential 8 framework. The ASD recommends that backups are stored offline or offsite, tested regularly, and protected from modification.
What does WISECLICK's backup include?
WISECLICK Cyber Core includes bare metal backup — encrypted, offsite, and immutable. It is included in the membership from $59 a month, alongside CrowdStrike Falcon EDR endpoint protection, the Essential 8 guide series, and the Cyber Toolkit — 29 plain-English guides covering everything from password managers to Wi-Fi security.
