How to protect backups from ransomware starts with a hard truth: attackers aren't just encrypting your data anymore, they're stealing it first — and no backup system on earth undoes an exfiltration. In this encore episode of The Backup Wrap-Up, Curtis and Prasanna dig into what real immutability looks like versus the marketing version, why root access quietly undermines most "immutable" storage claims, the difference between virtual and true physical air gaps, and the exact questions you should be firing at your backup vendor before you trust them with your last line of defense.
This one's an encore for a reason — it was one of the most listened-to episodes in the show's history, with listeners sticking around for the full runtime and then some. That's the kind of signal that tells you it's worth a second run.
Along the way, they cover S3 object lock and what actually happens if your account gets deleted or your credit card stops working, why compromised admin credentials are involved in the majority of attacks and what your vendor should be able to undo, and why bit rot — rare, but nasty when it's silent — still belongs on your checklist. If you manage backup or DR for a living, or you're just trying to figure out whether your current setup would actually hold up, this episode gives you a concrete list of questions to ask and red flags to watch for.
Chapters:
00:00 – Cold Open: Ransomware Is After Your Backups
01:19 – Welcome & Banter
05:50 – Topic Setup: Protecting Backups from Ransomware
07:36 – The Extortion & Exfiltration Playbook
15:25 – What Is an Air Gap?
18:22 – Virtual Air Gaps
27:57 – Real (Physical) Air Gaps
28:12 – What Is Immutability, Really?
29:23 – Bit Rot
30:42 – Root Access & the Limits of Immutability
32:51 – S3 Object Lock
40:20 – Questions to Ask Your Backup Vendor
42:31 – What Happens If You Delete Your Account?
44:29 – Compromised Credentials & Worst-Case Scenarios
46:41 – Final Thoughts



