Ransomware doesn’t knock anymore. It walks straight through the front door, locks everything up, and leaves a bill you never expected.
In 2026, the question isn’t whether you’ll be targeted — it’s whether your backups will still be standing when the smoke clears.
Let’s be honest about something most IT teams quietly dread: a backup that can be deleted, encrypted, or overwritten by an attacker isn’t really a backup at all. It’s a false sense of security with a server sticker on it.
What Makes a Backup “Immutable”?
Immutability means that once data is written to storage, it cannot be modified, deleted, or overwritten — by anyone, for a defined period of time.
This is achieved through a feature called Object Lock, which is supported by modern cloud storage providers including Backblaze B2. When you write a backup with Object Lock enabled in Compliance mode (the two lock modes are described below):
- No user, admin, or process can delete it before the lock period expires
- Even if an attacker gains full administrative credentials, they cannot destroy the backup
- The data remains accessible for restore throughout the lock period
This is fundamentally different from traditional backups, which — even when “protected” — can be deleted by anyone with sufficient system access. And ransomware groups are very good at finding sufficient access.
The Attack Pattern You Need to Understand
Modern ransomware doesn’t encrypt immediately. The typical attack follows this sequence:
1. Initial access — phishing, credential stuffing, or an unpatched vulnerability
2. Reconnaissance — mapping your network, identifying backup systems
3. Backup destruction — deleting or encrypting your backups before triggering the main attack
4. Ransomware execution — encrypting production systems once your recovery options are gone
By the time you see the ransom note, your backups are often already gone. Immutability breaks step 3.
What Immutable Backups Look Like in Practice
Backblaze B2 with Object Lock
Backblaze B2 Cloud Storage supports Object Lock in both Governance and Compliance modes:
- Governance mode: Protects against accidental deletion; can be overridden by privileged users with appropriate permissions
- Compliance mode: Absolute protection — no one, not even Backblaze, can delete the data before the lock period expires
For ransomware protection, Compliance mode is the right choice for your most critical recovery points.
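An added example (not from the original article or from Backblaze): a Python audit that classifies recovery points by lock state, so that unlocked, expired, or Governance-mode objects are flagged as still deletable. It assumes per-object metadata shaped like the S3-compatible HeadObject fields `ObjectLockMode` and `ObjectLockRetainUntilDate`; the object keys, dates, and the 7-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: per-object metadata shaped like S3-compatible HeadObject
# responses (ObjectLockMode / ObjectLockRetainUntilDate). Keys are hypothetical.
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)
SAMPLE = [
    {"Key": "daily/2026-01-14.bak", "ObjectLockMode": "COMPLIANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=29)},
    {"Key": "daily/2026-01-13.bak", "ObjectLockMode": "GOVERNANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=28)},
    {"Key": "daily/2026-01-12.bak", "ObjectLockMode": "COMPLIANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=2)},
    {"Key": "daily/2026-01-11.bak"},  # written without any lock
    {"Key": "daily/2025-12-01.bak", "ObjectLockMode": "COMPLIANCE",
     "ObjectLockRetainUntilDate": NOW - timedelta(days=15)},  # lock expired
]


def classify(meta, now, min_days_left):
    """Return a finding for one recovery point's lock state."""
    mode = meta.get("ObjectLockMode")
    until = meta.get("ObjectLockRetainUntilDate")
    if mode is None or until is None:
        return "UNLOCKED"            # deletable by any credential with delete rights
    if until <= now:
        return "EXPIRED"             # lock period over; no longer protected
    if mode == "GOVERNANCE":
        return "OVERRIDABLE"         # privileged users can lift the lock
    if mode != "COMPLIANCE":
        return "UNKNOWN_MODE"
    if until - now < timedelta(days=min_days_left):
        return "EXPIRING_SOON"       # protected, but the window is about to close
    return "IMMUTABLE"


def audit(objects, now, min_days_left=7):
    """Map each key to its finding and list the keys an admin-level attacker could destroy."""
    findings = {o["Key"]: classify(o, now, min_days_left) for o in objects}
    at_risk = sorted(k for k, f in findings.items()
                     if f in ("UNLOCKED", "EXPIRED", "OVERRIDABLE", "UNKNOWN_MODE"))
    return findings, at_risk


if __name__ == "__main__":
    findings, at_risk = audit(SAMPLE, NOW)
    for key, finding in findings.items():
        print(f"{finding:14} {key}")
    print("deletable with admin credentials:", at_risk)
```

Recovery points reported as `EXPIRING_SOON` are still protected today; they are surfaced so the retention window can be reviewed before the lock lapses.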
The 3-2-1-1-0 Rule
The updated backup best practice for 2026:
- 3 copies of your data
- 2 different storage media types
- 1 offsite location
- 1 immutable or air-gapped copy
- 0 unverified backups — test your restores
The additional “1” for immutability and the “0” for verified restores are the modern additions to the classic 3-2-1 rule, reflecting the reality of today’s threat landscape.
The Cost Argument
Some organizations hesitate on cloud backup costs. Let’s put it in perspective:
- Backblaze B2 costs approximately $6 per TB per month
- The average ransomware payment in 2025 was $2.7 million
- The average total cost of a ransomware attack (including downtime, recovery, and reputation damage) was $4.9 million
For most SMBs, a complete backup strategy using Backblaze B2 costs less than £100/month. The math is straightforward.
Getting Started
If you’re evaluating your current backup posture, ask three questions:
- Can my backups be deleted by someone with admin access? If yes, they’re not immutable.
- When did I last test restoring from backup? If you can’t remember, that’s your answer.
- Do I have a copy stored somewhere my production environment can’t reach? If not, that’s your next priority.
We partner with Backblaze to help businesses implement cloud backup solutions that are affordable, proven, and genuinely protective. Learn more about our backup services or contact us to discuss your specific situation.