
ZDNET’s key takeaways
- AI-driven ransomware now targets backups, too.
- Malware can dwell for weeks, mapping recovery systems.
- Your clean restore point may already be corrupted.
We all know the benefits of backups, right? If a computer or server goes down or is otherwise compromised, backups come to the rescue. It’s a common, standard, non-controversial, no-brainer best practice. If you don’t want to lose your data, back it up.
For 20 years, I’ve talked up the benefits of the tech industry’s best-practice 3-2-1 backup strategy: keep three copies of your data, on two different kinds of storage media, with one of those copies off-site. I practice what I preach, backing up to a couple of servers at home and to cloud storage off-site.
Nothing here is news. This strategy is just how it’s done, and it works. Or does it?
What if I told you that everything you know and everything you do to ensure quality backups is no longer viable? In fact, what if I told you that in an era of generative AI, when it comes to backups, we’re all pretty much screwed?
Sometimes, it seems like AI is ruining everything. This time, it’s ruining backups. Yep, some days, it sucks to be human.
Sneaking in and bedding down
For most of this article, I’m going to be talking to folks running enterprise-level IT operations. But this little nightmare can apply equally to small business networks and even home networks. Even if you don’t think you’re big enough to be a target, if your network touches the internet, you are.
This reality is especially true with AI. Back in the good old days, hackers trying to break into networks had to do most of the work themselves.
Sure, there were brute-force attack programs, but if your firewall didn’t fall over after being kicked hard enough, those programs just went to the next IP address in the list. It was only if a target seemed juicy enough that the human hackers would take their own personal time and attention to try to break into a network.
But now, AIs can do almost everything. They can also do it all much faster and don’t require an ongoing supply of Skittles, pepperoni, and nap time to keep up the hard work.
AI agents can fan out and attempt to tunnel into networks globally. Plus, with local AI large language models available for download, there’s no reason to hope that some big AI company’s corporate guardrails will prevent the AI from going over to the dark side.
This situation is something that almost anyone with some tech skills and a lack of moral compass can make happen. So, imagine these tools in the hands of terrorist organizations, hacker groups, or rogue nation-states. No network is truly safe.
Let’s take this reality to its logical, if unscrupulous, unprincipled, and amoral conclusion. Once a baddie gets into your network, what can they do? Well, they can install some malware. And again, here comes AI.
These days, according to the Picus Security 2026 Red Report, most malware is built either to harvest credentials or to exfiltrate data. Fully 80% of the top attacks are specifically designed to evade detection, remain hidden in the system or network, and enable stealthy remote command and control.
For years, malware was deployed primarily to smash and grab, disrupt systems, and ransom data access. This approach gave rise to the ransomware business model for threat actors who use encryption to lock data and cause immediate disruption. That business model has changed radically in the past year, with a 38% relative decrease in encryption ransomware from 2025 to 2026, according to Picus.
AI makes stealth, evasion, and living off the land inside systems much more feasible. Now, attackers are essentially embedding enemy agents inside the network, with the knowledge and capability to act independently on behalf of their nefarious masters.
Networks are no longer just dealing with malicious software. Instead, they are essentially harboring an intelligent terrorist sleeper cell, operating deep undercover, with skills as good as or better than those of the IT team tasked with defending against the embedded AIs.
Every defender needs to have their A team on and defending at all times. But the attackers can simply clone one AI-based assault team and deploy it thousands of times over, resulting in an asymmetrical, potentially devastating threat.
Which brings us back to the topic of backups.
Backups: It all seemed so simple
Let’s talk about the basic premise of backups. The idea is as simple as it can be. Make a copy of what’s on your computer or server. That way, if something happens to the machine, you have a copy of the data to restore. Easy peasy.
For the record, I can’t stand the phrase ‘easy peasy.’ As anyone who has set up backups knows, there’s nothing easy or peasy about setting up backups so they restore reliably. There are issues with how much data you back up, whether you can back up databases and files that are locked while in use, whether you back up incrementally or make sync copies, and on and on and on.
We already talked about the 3-2-1 approach. Where do you store your backups? Last time I checked, I had 139.04 terabytes on my home servers. There’s probably more now, if you count a few AI test servers I’ve set up recently and our day-to-day productivity-based work computers.
My approach is to back up to a couple of dedicated in-house servers (including one shut down automatically for all but four hours a week). I also send all our data (except huge video files) to several cloud services for off-site backups.
The easy-peasy assumption is that your data is good before it’s backed up. Therefore, if something happens and you need to restore, the data you’re bringing back from the backup is also good.
Even without malware, AI, and bad actors, that’s not always the way things turn out. Backups can get corrupted, and they might not have been written right in the first place, yada, yada, yada. But for this article, let’s assume that your backup and restore process is solid, reliable, and functional.
Of course, that’s not necessarily the case. Backup and data-resilience vendor Veeam’s 2025 Ransomware Trends report concluded that 93% of ransomware attacks target backups. Of the organizations Veeam surveyed, 34% said their backups were modified or deleted.
The Veeam study doesn’t specify AI’s role in these attacks, but now that we’re in 2026, you can be assured that threat actors are putting AI to work.
Vibe-coded ransomware
Understand this: AI-based ransomware isn’t just about a sophisticated AI running loose or bedding down inside your network to exfiltrate data and credentials. Oh, no. AI-based ransomware is now being vibe-coded by threat actors. That approach means the ransomware has the same potential for bugs and hallucinations as all the other vibe-coded software out there.
Here’s the honor-among-thieves promise behind ransomware: they encrypt your data, you pay, and they hand over a key to decrypt it. Veeam’s research found that 64% of companies paid the ransom. Across all surveyed organizations, 47% paid and recovered their data, while 17% paid but still could not recover it.
Now, here’s the thing about vibe-coded ransomware. Even if the thieves are willing to return the data, their AI-generated vibe-coded software might be so crappy that they’re unable to keep up their end of the bargain. Do you seriously think that threat actors who use vibe coding test their threat engines?
Here’s an example. In January 2026, the Halcyon Ransomware Research Center (a collaborative anti-malware research initiative launched by anti-malware company Halcyon) discovered a critical flaw in a ransomware variant called Sicarii.
This variant correctly generates a new RSA key to encrypt the targeted data, and it actually uses that key to encrypt it. So far, so good, or at least as good as a ransomware implementation gets. But then the software deletes the key. The key exists only long enough to encrypt; no copy survives for decryption, so even a victim who pays gets nothing back while that bug is in play.
Aggressive intelligent agents
Now, let’s move on to the case where an AI agent is embedded stealthily in a network. Some of these embedded AI-driven malware strains can analyze network patterns, backup schedules, and storage configurations. This capability allows the AI to locate points of vulnerability.
These AI-based attacks can target backup repositories, create corrupt snapshots, and exfiltrate decryption keys or other credentials. You might think your organization is protected by its backups. However, if a persistent malware AI has been living in your network, it may have been quietly corrupting your backups and neutralizing your defenses.
The name BlackFog could accurately describe how I feel every morning before my first cup of coffee. But in this case, it refers to an anti-exfiltration company that published the results of a ransomware study. According to the BlackFog report, ransomware that acts as a sleeper in a network is often resident for 11 to 24 days before being detected. This is called dwell time.
During dwell time, the ransomware maps the environment, identifies backup servers, scans for snapshot systems, and observes scheduled backup jobs to understand recovery patterns. Malicious software now uses automated reconnaissance scripts powered by AI-style pattern recognition to classify storage systems, detect common backup software, and prioritize high-value targets such as domain controllers and backup management consoles.
Once inside and after a suitable reconnaissance period, intelligent malware strains attempt credential harvesting, exploit known weaknesses in backup software and backup configurations, and abuse admin tools to delete, encrypt, or disable backups. Some truly nasty attacks specifically go after immutable storage: since the stored objects can’t be altered directly, they hunt for misconfigurations in the management infrastructure and poison the data before it ever reaches the backup system.
The net result is that the damage is done upstream of the backup. By the time the scheduled job runs, the malware has already corrupted or infected the data, and the backup faithfully preserves that state. Even if a restore succeeds, what comes back is the poisoned data, and the clean restore point you’re counting on may never have existed.
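To make the reconnaissance phase concrete, here is an added detection example (my addition as editor, not code from the article or from any vendor it names). It correlates, per source host and account, contacts with backup-related assets inside a sliding 24-hour window, which is the pattern described above: one host walking the backup console, the snapshot store, the hypervisor snapshot API and the immutable-storage gateway in a single night. The asset inventory, host names, account names and log format are all constructed for the example.

```python
"""Detect backup-infrastructure reconnaissance during malware dwell time.

Added example for this article, not code from it or from any vendor.
Correlates each (source host, account) pair's contacts with backup-related
assets inside a sliding window; the inventory and log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical asset inventory: hostname -> role. A real deployment would
# pull this from a CMDB or the backup product's own inventory.
BACKUP_ASSETS = {
    "veeam-mgmt01": "backup_console",
    "nas-snap01": "snapshot_store",
    "vcenter01": "hypervisor_snapshots",
    "s3-immutable-gw": "immutable_gateway",
    "dc01": "domain_controller",
}

# Constructed log: "<ISO timestamp> <src_host> <user> <dst_host> <action>".
# ws-042/jsmith walks the whole recovery stack in one night (recon);
# ws-007/bkadmin is a legitimate backup operator; ws-113 is noise.
SAMPLE_LOG = """\
2026-02-03T01:12:04 ws-042 jsmith fileshare01 smb_open
2026-02-03T01:14:37 ws-042 jsmith veeam-mgmt01 tcp_connect
2026-02-03T01:15:02 ws-042 jsmith nas-snap01 snapshot_list
2026-02-03T01:16:48 ws-042 jsmith vcenter01 api_snapshot_enum
2026-02-03T02:40:11 ws-042 jsmith s3-immutable-gw object_lock_query
2026-02-03T09:05:00 ws-007 bkadmin veeam-mgmt01 tcp_connect
2026-02-03T09:06:00 ws-007 bkadmin nas-snap01 snapshot_list
2026-02-04T09:05:00 ws-007 bkadmin veeam-mgmt01 tcp_connect
2026-02-05T14:20:00 ws-113 akim dc01 ldap_bind
"""


def parse_line(line):
    ts, src, user, dst, action = line.split()
    return datetime.fromisoformat(ts), src, user, dst, action


def find_recon(log_text, window=timedelta(hours=24), min_roles=3,
               allowlist=frozenset()):
    """Return one alert per (src, user) that touches >= min_roles distinct
    backup-related roles within `window`. Accounts in `allowlist` (known
    backup operators) are ignored so the rule focuses on hosts that have
    no business enumerating recovery infrastructure."""
    events = defaultdict(list)  # (src, user) -> [(ts, role), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, dst, _action = parse_line(line)
        role = BACKUP_ASSETS.get(dst)
        if role is None or user in allowlist:
            continue
        events[(src, user)].append((ts, role))

    alerts = []
    for (src, user), evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            roles, last = set(), start
            for ts, role in evs[i:]:  # grow the window from this event
                if ts - start > window:
                    break
                roles.add(role)
                last = ts
            if len(roles) >= min_roles:
                alerts.append({"src": src, "user": user,
                               "roles": sorted(roles),
                               "first": start, "last": last})
                break  # one alert per (src, user) is enough
    return alerts


if __name__ == "__main__":
    for a in find_recon(SAMPLE_LOG, allowlist=frozenset({"bkadmin"})):
        print(f"ALERT {a['src']}/{a['user']} touched {a['roles']} "
              f"between {a['first']} and {a['last']}")
```

The allowlist matters: the backup operator legitimately touches two of these roles every morning, and without it a low threshold would page on normal work. The threshold of three distinct roles, rather than a raw connection count, is what separates "someone opened the backup console" from "something is mapping the whole recovery path."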
Gotta love this AI stuff, eh?
Ten ways to harden your network
This article is mostly designed to bring you up to speed on the threat.
But in honor of an old boss who always insisted I never bring her a problem without offering a solution, here’s a lightning round of 10 possible tactics you might want to consider to protect your network:
- Define a response playbook: Teams can be trained to follow procedures.
- Segment your network: Build internal firewalls so malware introduced in one network segment can’t move to others.
- Verify backups regularly: Test restores, and do so far more often than you might think practical.
- Ensure backup cleanliness: Backups can be scanned for hidden malware. Some products do this task.
- Maintain isolated copies: Storage can be kept immutable and offline. I physically turn off one of my backup servers for most of each week.
- Build alternate infrastructure: Recovery environments should be prepared in advance.
- Create containment plans: Define your approach so that infected systems can be isolated rapidly. The previously mentioned segmented networks can help with this task.
- Deploy endpoint protection: Malicious code can be blocked pre-execution by investing in software that prevents malware infiltration.
- Enable behavior detection: Bulk encryption and mass file modification can be detected and stopped with endpoint behavioral monitoring and intrusion detection systems.
- Create an always up-to-date chain of command: Leaders need to be trained and empowered to make quick decisions and direct the attack response.
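Two of the tactics above, verifying restores and checking backup cleanliness, can be turned into code, and they also address the corruption-before-backup problem described earlier. The following is an added example (mine, not the article’s and not any backup product’s code). It builds a per-backup manifest signed with an HMAC key that is assumed to be held somewhere the backup host cannot reach, so a rewritten repository file, or a rewritten manifest, fails verification at restore time; and it compares consecutive manifests so that a generation in which most files suddenly became high-entropy content, which is what encryption upstream of the backup job looks like, is flagged. File names, contents and the key are constructed; the stand-in “ciphertext” is SHA-256 output, not real encryption.

```python
"""Tamper-evident backup manifest plus backup-to-backup drift check.

Added example for this article, not the article's or any vendor's code.
verify_manifest: the manifest is HMAC-signed with a key assumed to live
somewhere the backup host cannot reach, so a rewritten repository file or a
rewritten manifest shows up at restore time.
drift_report: compares consecutive manifests; most files changing at once to
high-entropy content is what upstream encryption looks like.
All file contents and the key are constructed in memory.
"""
import hashlib
import hmac
import json
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted/compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(files: dict, key: bytes) -> dict:
    """files: path -> bytes. Records hash, size and entropy per file, then
    MACs the whole entry table so edits to the manifest are also detected."""
    entries = {path: {"sha256": hashlib.sha256(data).hexdigest(),
                      "size": len(data),
                      "entropy": round(shannon_entropy(data), 3)}
               for path, data in sorted(files.items())}
    payload = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries,
            "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_manifest(manifest: dict, files: dict, key: bytes) -> list:
    """Return a list of problems; empty means the restore matches what was
    signed at backup time."""
    problems = []
    payload = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        problems.append("manifest MAC mismatch (manifest edited or wrong key)")
    for path, meta in manifest["entries"].items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != meta["sha256"]:
            problems.append(f"modified: {path}")
    problems += [f"unexpected: {p}" for p in files if p not in manifest["entries"]]
    return problems


def drift_report(prev: dict, cur: dict, change_ratio=0.5, entropy_floor=7.0) -> dict:
    """Flag a generation where >= change_ratio of the files changed and at
    least half of the changed ones went from low to high entropy."""
    pe, ce = prev["entries"], cur["entries"]
    common = [p for p in ce if p in pe]
    changed = [p for p in common if ce[p]["sha256"] != pe[p]["sha256"]]
    newly_high = [p for p in changed
                  if ce[p]["entropy"] >= entropy_floor > pe[p]["entropy"]]
    ratio = len(changed) / len(common) if common else 0.0
    return {"changed_ratio": round(ratio, 3),
            "newly_high_entropy": newly_high,
            "suspicious": ratio >= change_ratio and bool(newly_high)
                          and 2 * len(newly_high) >= len(changed)}


def _fake_ciphertext(seed: str, blocks: int = 128) -> bytes:
    """Deterministic high-entropy stand-in for encrypted content (constructed,
    not real encryption): 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(blocks))


def demo() -> dict:
    key = b"manifest-key-held-off-the-backup-host"  # assumption: stored elsewhere
    day1 = {f"docs/report{i}.txt":
            f"Quarterly report {i}: revenue, costs, headcount.\n".encode() * 40
            for i in range(10)}
    m1 = build_manifest(day1, key)
    day2 = dict(day1)  # normal day: one file legitimately edited
    day2["docs/report3.txt"] += b"Addendum: figures restated.\n"
    m2 = build_manifest(day2, key)
    # Poisoned day: 9 of 10 files encrypted before the backup job ran, so the
    # backup is a faithful copy of the damage.
    day3 = {p: (_fake_ciphertext(p) if i < 9 else data)
            for i, (p, data) in enumerate(sorted(day2.items()))}
    m3 = build_manifest(day3, key)
    tampered = dict(day1)  # repository file overwritten, manifest untouched
    tampered["docs/report0.txt"] = b"garbage"
    forged = json.loads(json.dumps(m1))  # same, but manifest edited to match
    forged["entries"]["docs/report0.txt"]["sha256"] = hashlib.sha256(b"garbage").hexdigest()
    return {"day2_drift": drift_report(m1, m2),
            "day3_drift": drift_report(m2, m3),
            "restore_clean": verify_manifest(m1, day1, key),
            "restore_tampered": verify_manifest(m1, tampered, key),
            "restore_forged": verify_manifest(forged, tampered, key)}
```

The design point is where the key lives. A manifest signed with a key that sits on the backup server only proves that nobody edited the manifest without also editing the signature, which malware with admin rights on that box can do; the check is only worth something if the key is held by the restore-test process and not by the host that writes the backups. The drift check is the complement: it does not catch tampering with the repository, it catches the case the article describes, where the data was already ruined before it was ever backed up.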
So there you go. I honestly don’t think any network can be completely hardened. That’s why I always recommend a belt-and-suspenders-and-flak-jacket-and-hip-waders-and-hard-hat approach to network defense. Basically, throw everything you’ve got at it, and then keep adding defenses.
Remember, you have to defend against every enemy actor using every attack strategy. All they have to do is find one minor flaw to get in and do damage. So suit up. There’s a war on.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.
