The Dark Side of Backups: Why Encrypted Data May Not Be Enough in an AI-Driven Ransomware Era
For two decades, I've been preaching the benefits of backups as a non-controversial best practice for protecting data. The idea is simple: have three copies of every file, two on different physical devices and one located off-site. In my experience, this approach has worked well, even with the occasional backup corruption or malware issue. However, in an era where AI agents are fast, loose, and out of control, I'm starting to wonder if our traditional backup strategy is no longer viable.
The reality is that hackers trying to break into networks used to have to do most of the work themselves. Brute-force attack programs were common, but a target had to be juicy enough for the human hackers to take their time and attention to try and break in. Now, AI agents can fan out and attempt to tunnel into networks globally, making it a much faster and more efficient process. Local large language models available for download also mean that big AI companies' corporate guardrails are unlikely to prevent their AI from going rogue.
So, what happens when an attacker gets into your network? They can install malware, which is often used to harvest credentials or exfiltrate data. According to the 2026 Pincus Red Report, most malware is designed to evade detection, remain hidden in the system or network, and enable stealthy remote command and control. AI makes this process much more feasible, allowing attackers to embed enemy agents inside your network that can act independently on behalf of their masters.
Networks are no longer just dealing with malicious software; they're essentially harboring an intelligent terrorist sleeper cell, operating deep undercover, with skills better than the IT team tasked with defending against it. The attackers can clone one AI-based assault team and deploy it thousands of times over, resulting in an asymmetrical, potentially devastating threat.
Now, let's talk about backups. It all seemed so simple: make a copy of what's on your computer or server. But, as anyone who has set up backups knows, there are issues with how much data you back up, whether you can back up databases and files that are locked when used by the file system, whether you back up incrementally or make sync copies, and more.
Ransomware protection software company Veeam's 2025 Ransomware Trends survey concluded that 93% of ransomware attacks target backups. Of the organizations surveyed, 34% said their backups were modified or deleted. The Veeam study doesn't specify AI's role in these attacks, but now that we're in 2026, you can be assured that threat actors are putting AI to work.
AI-based ransomware isn't just about a sophisticated AI running loose or bedding down inside your network to exfiltrate data and credentials. It's also being vibe-coded by threat actors, which means the ransomware has the same potential for bugs and hallucinations as all the other vibe-coded software out there.
According to Veeam's research, 64% of companies paid the ransom. Of those, 47% paid the ransom and recovered their data, while 17% paid the ransom but still could not recover the data. The key issue here is that AI-based ransomware might be so crappy that it's unable to keep up its end of the bargain.
Once a baddie gets into your network, they can analyze network patterns, backup schedules, and storage configurations to locate points of vulnerability. They can target backup repositories, create corrupt snapshots, and exfiltrate decryption keys or other credentials. Even if you think your organization is protected by its backups, an embedded AI-driven malware strain may have been quietly corrupting your backups and neutralizing your defenses.
The net result is that before encryption of off-site backups begins, and before the backups even take place, the malware has suitably corrupted and infected the data. This means that even if a backup can restore the data, the backup itself has already been corrupted before it was even created.
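One way to catch this kind of silent pre-backup corruption is to compare each new backup generation against the previous one before trusting it. The sketch below is an added example, not code from the article or from any backup product: it flags files whose content changed and whose byte entropy jumped to near-random levels. The function names, the thresholds, and the sample data are assumptions chosen for illustration, and the entropy jump is a heuristic that will not fire on files that were already compressed.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or random data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def manifest(files: dict) -> dict:
    """Map each path to (SHA-256 digest, entropy) for one backup generation."""
    return {p: (hashlib.sha256(b).hexdigest(), shannon_entropy(b))
            for p, b in files.items()}


def compare_generations(old: dict, new: dict,
                        entropy_jump=2.0, high_entropy=7.0, max_ratio=0.3):
    """Flag files that changed and now look encrypted; alert on mass change."""
    common = old.keys() & new.keys()
    changed = sorted(p for p in common if old[p][0] != new[p][0])
    suspicious = [p for p in changed
                  if new[p][1] >= high_entropy
                  and new[p][1] - old[p][1] >= entropy_jump]
    missing = sorted(old.keys() - new.keys())
    ratio = len(changed) / len(common) if common else 0.0
    # Alert only when near-random content appears AND a large share of files changed.
    alert = bool(suspicious) and ratio >= max_ratio
    return {"changed": changed, "suspicious": suspicious,
            "missing": missing, "ratio": ratio, "alert": alert}


# Constructed sample data: two generations of a tiny backup set.
_text = b"quarterly figures, customer list, meeting notes\n" * 200
GEN_1 = {"docs/report.txt": _text, "docs/notes.txt": _text[:4000],
         "db/export.csv": b"id,name,total\n1,alice,10\n" * 300}
GEN_2 = {"docs/report.txt": os.urandom(len(_text)),  # stands in for silent corruption
         "docs/notes.txt": os.urandom(4000),
         "db/export.csv": GEN_1["db/export.csv"] + b"2,bob,20\n"}  # ordinary edit

if __name__ == "__main__":
    print(compare_generations(manifest(GEN_1), manifest(GEN_2)))
```

Run a check like this from a host the production network cannot write to, and keep the previous manifest there as well, so that an intruder who can alter backups cannot also alter the baseline.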
So, what can you do to protect your network? Here are 10 possible tactics you might want to consider:
Tactics to Protect Your Network
1. Implement a comprehensive security strategy that includes regular backups and patching.
2. Use AI-powered threat detection tools to identify potential vulnerabilities in your network.
3. Conduct regular vulnerability assessments and penetration testing to identify weaknesses in your system.
4. Develop an incident response plan to respond quickly and effectively in the event of a breach.
5. Consider implementing a Zero Trust model, where all access to your network is monitored and controlled.
6. Use encryption to protect data both in transit and at rest.
7. Regularly update and patch your software and systems to prevent exploitation of known vulnerabilities.
8. Educate employees on cybersecurity best practices and the importance of reporting suspicious activity.
9. Implement a backup strategy that includes off-site backups to a secure location.
10. Consider implementing a cloud-based backup solution to ensure data is always available and secure.
In conclusion, while our traditional backup strategy may not be enough in an AI-driven ransomware era, there are steps you can take to protect your network. By implementing a comprehensive security strategy that includes regular backups, patching, and vulnerability assessments, you can reduce the risk of a breach.