Modern ransomware doesn't just encrypt your PC—it hunts for your backups too. Here is why the old standard fails and how to build a bulletproof defense.
By The Storage Team
EasyDriveCompare.com
The 3-2-1 rule is a simple data backup strategy developed by photographer Peter Krogh in the mid-2000s. The logic is straightforward: keep 3 copies of your data, stored on 2 different media types, with 1 copy kept offsite.
The three numbers represent different layers of protection:
When Krogh published this strategy, it was genuinely excellent advice. Before cloud storage became ubiquitous, convincing people to keep even one external backup was a battle. The 3-2-1 rule simplified that conversation into three memorable numbers, and it became the de-facto standard for IT departments and photographers alike.
For two decades, IT professionals swore by the 3-2-1 Rule. It was simple. It was effective. But in 2026, following it without modification is dangerous advice. Why? Because it assumes your backups are safe from infection.
Modern ransomware (like LockBit 4.0) spends weeks inside a network before detonating. It actively scans for connected backup drives, NAS units, and even cloud sync folders, encrypting them alongside your main files. If your "offsite" copy is just a Dropbox or OneDrive sync, it gets encrypted too — and deleted from the cloud within minutes.
The 3-2-1 rule also has no requirement for backup verification. Many people discover their backups are corrupt or incomplete only when they actually try to restore — which is the worst possible moment to find out.
To survive a modern attack, you need two new layers of defense: Immutability and Zero Errors.
The original data + two backups. This part hasn't changed.
e.g., Local SSD + NAS, or NAS + Cloud. Don't keep everything on one device.
Cloud storage or a physical drive at a different location (to protect against fire/theft).
CRITICAL: A copy that cannot be modified or deleted, even by an admin. This is your "Air Gap".
Verified backups with 0 errors. A backup you haven't tested is just a wish.
You don't need a corporate budget to achieve immutability. Here are the best ways for home users and small businesses to create an unhackable "Air Gap."
The simplest air gap. Buy a high-capacity external HDD. Run your backup. Unplug it. Ransomware cannot hack a cable that isn't connected.
Compare Best External HDDs →Use cloud storage (like Backblaze B2 or AWS S3) with "Object Lock" enabled. This sets a flag saying "Do not allow deletion for 30 days". Even if a hacker gets your password, they cannot delete the files.
For your local copies (the "2" in 3-2-1), reliability is key. We recommend CMR drives over SMR for faster recovery speeds.
| Drive Model | Best For | Capacity |
|---|---|---|
| WD Red Pro | NAS / 24/7 Uptime | 4TB - 22TB |
| Seagate IronWolf Pro | Heavy Workloads | 4TB - 24TB |
| WD Elements (External) | Cold / Offline Backup | Up to 22TB |
You don't need enterprise hardware to implement a solid 3-2-1-1-0 strategy. Here's a realistic setup for a home user protecting photos, documents, and work files:
Your working files live here. An internal NVMe SSD is ideal for performance and reliability.
A 2-bay NAS (e.g., Synology DS223) with two WD Red or Seagate IronWolf drives provides automatic nightly backups and RAID redundancy. This is your second copy on a different medium.
Backblaze Personal Backup (~£7/month) or iDrive automatically backs up to an offsite data centre. This satisfies the "1 offsite" requirement.
Once a month, plug in a large external HDD (e.g., 4TB WD Elements), copy your most critical files, then unplug it and store it in a drawer. Ransomware cannot reach a physically disconnected drive.
Every three months, attempt an actual restore of 2–3 random files from each backup location. If it works, you know it will work when you need it most.
Dropbox, OneDrive, and Google Drive sync your files — they don't back them up independently. If ransomware encrypts your PC, the encrypted versions sync to the cloud within minutes, overwriting your clean copies.
A backup you've never restored from is an assumption, not a safety net. Test a restore at least once a year — ideally quarterly.
An always-connected external drive is just another target for ransomware. Disconnect it after each backup session to create a genuine air gap.
Don't forget to include emails, browser bookmarks, password manager exports, software licence keys, and photos stored in app libraries. These are often overlooked until it's too late.
If one account is compromised, attackers can access your cloud backup too. Use a unique, strong password for your cloud backup service, stored in a password manager.
Don't wait for a crash or a hack. Hard drives are cheap; your data is priceless. Start by finding the right drive for your offline backup.
Compare HDD Prices Now