Security for Beginners
by Sergey Okinchuk
Patching: Why Updates Are SecurityChapter 9: When Things Go Wrong
Topic 37

Backups: The Answer to Loss and Ransomware

Concept

Some disasters can't be prevented, only survived. A hard drive can die without warning, a laptop can be stolen, a wrong click can delete the wrong folder, and ransomware can lock up every file you own. The thing that turns any of these from a catastrophe into a bad afternoon is a backup.

A backup is a separate, safe copy of your data that you can restore from if the original is lost, broken, or locked away. It is the direct answer to ransomware, to hardware that fails, and to plain human mistakes.

Think of a spare set of house keys. If you hang the spare on a hook by the front door, it is lost in the very same fire or break-in as everything else — it protects nothing. But if you leave it with a trusted friend across town, it is the thing that gets you back inside when your own keys are gone. A backup works the same way: its whole value comes from being kept somewhere apart.

A backup is what lets you recover after the worst happens
Your datathe original
Isolated backup copykept elsewhere
Loss or ransomwareoriginal is gone
Restoreback to working

What Is a Backup?

A backup is an independent copy of data, kept separately, that lets you bring the original back if it is ever lost, corrupted, or locked. The key word is independent: it is a second copy that exists on its own, not a part of the live system.

Olivia's photos live on her phone. If those photos are also copied to a service she doesn't touch day to day, that second copy is a backup. When her phone falls in a lake, the originals are gone, but the copy is untouched — and she can restore her photos onto a new phone from it.

Backups defend the availability of data — the goal of information still being there when you need it. An attack or accident takes the original away; the backup is how you get it back.

Why Separate and Offline Matters

Here is the trap. If a backup sits on the same computer as the original, or on a drive that is always plugged in and reachable, then whatever destroys the original can usually destroy the backup too. Ransomware that encrypts your files will happily encrypt a connected backup drive in the same sweep. A thief who takes the laptop takes the copy folder sitting right next to your work.

This is why a backup is only trustworthy when it is isolated — kept somewhere the main system can't freely reach. The separation is doing all the work. A copy that shares the fate of the original is not really a second copy at all; it is the same copy wearing a different name.

Isolation can mean a different physical place, a drive that stays disconnected until it is needed, or a service the everyday system has no power to delete from. The form varies. The principle does not: a backup must be able to survive the event that takes out the original.

Whether a copy survives comes down to one thing: isolation
Connected copy
Same device or always-attached drive — destroyed or encrypted alongside the original
Isolated backup
Offline drive or separate service — survives the same attack because it can't be reached

The Ransomware Answer

Ransomware is malicious software that locks your files by scrambling them, then demands payment to unlock them. Faced with it, a person without a backup has two grim choices: pay strangers and hope they keep their word, or accept that the files may be gone for good.

A clean backup removes that dilemma. Instead of paying, you wipe the locked machine and restore your data from the separate copy. The attacker still has their scrambled version, but it no longer matters — you never needed it. This is why backups are the single most reliable defense against ransomware: they turn an extortion attempt into a chore. One honest limit: a backup restores your access to the data — it can't un-steal a copy an attacker already took, which is why the double-extortion attacks from Chapter 6 still sting even when your backups are perfect.

The catch sits in the word clean. The backup only saves you if it was made before the attack and kept out of the attacker's reach. That is, again, why isolation is not optional.

A Backup You Can't Restore Isn't a Backup

It is easy to assume that making copies is the whole job. It isn't. A backup proves its worth only at the moment you restore from it — and that is the worst possible time to discover it doesn't work.

Backups fail quietly in ways nobody notices until the emergency: a copy that was secretly incomplete, a file format nothing can open anymore, a process that stopped running months ago. If no one ever restores from a backup to check it, the backup is a guess, not a guarantee.

So the real test of a backup is a successful restore. A copy you have actually brought back to life is a backup. A copy you merely hope works is a wish. The two look identical right up until the day they don't.

Common Confusions
  • "A copy on the same computer is a backup." If the copy is reachable from the system, the same failure, theft, or ransomware can take it along with the original. A real backup is kept separate from what it protects.
  • "Having backups means I'm safe." Only if restoring actually works. An untested backup can be incomplete or unreadable, and it fails at the exact moment you finally need it.
  • "Backups are only for when hardware breaks." A dead drive is one case. Backups are also the durable answer to ransomware and to honest mistakes like deleting the wrong folder.
Why It Matters
  • Backups convert the scariest events — ransomware, a stolen laptop, total data loss — into something you recover from instead of something that ends you.
  • They are proof that good security plans for failure, not only prevention: some attacks can't be stopped, so the question becomes how you survive them.
  • Knowing that the value lives in the restore, not the copy, changes what counts as protected — a backup nobody has tested is not yet protection.

Knowledge Check

What makes something a backup rather than just another file?

  • It is a separate copy you can restore from
  • It is simply the most recent version of the file
  • It is a copy stored right beside the original
  • It is the original file after it has been encrypted

Why does a backup need to be kept separate from the main system?

  • So that restoring the data later happens more quickly
  • So the same attack or failure can't reach the copy
  • So the original data becomes hidden from attackers
  • So the backup can hold far more data than the original

Olivia has backups but has never tried restoring from them. Why is that a problem?

  • Backups stop working automatically after a set amount of time
  • A single backup is never enough no matter what
  • An untested backup may fail when she needs it most
  • Making the copy could corrupt the original data

You got correct