Backups & Data Resilience

What is the 3-2-1 backup rule for ransomware?

The 3-2-1 backup rule means keeping at least three copies of data, on two different types of storage or locations, with one copy kept offsite. For ransomware, many teams extend that model with immutable or offline copies so attackers cannot easily destroy every recovery path.

The rule improves survivability, but it does not prove recoverability. Each recovery copy still needs validation, because a backup can follow 3-2-1 perfectly and still preserve ransomware-affected data.

Last updated May 27, 2026

Related terms

Immutable Backup Air-Gapped Backup Backup Integrity Validation

Related Elastio resources

WhitepaperRansomware Recovery & Cyber Resilience Maturity Model

See how Elastio proves clean recovery

Elastio hunts for ransomware inside your live, replicated, and backup data and pinpoints the last recovery point proven clean.

Explore the platform Request a demo

Related questions

Why can a backup that "completed successfully" still fail to recover?What does backup integrity validation check?What is backup destruction?What are the 4 pillars of cyber resilience?What is Volume Shadow Copy?How can you be resilient against ransomware?

PreviousCan ransomware infect cloud storage?NextWhy can a backup that "completed successfully" still fail to recover?