TL;DR:
A backup isn’t a plan; a tested restore is. Keep 3 copies of your data, on 2 different kinds of storage, with 1 off-site and 1 locked/immutable, and run a quarterly “can we restore?” drill. Small businesses get hit more than big ones, so proof beats hope.
A local wake-up call: August storms in greater Milwaukee
Severe storms and flash flooding on Aug 9–10, 2025 led to widespread damage and power outages across Milwaukee County; officials issued emergency declarations and even closed the final day of the Wisconsin State Fair. If your only backup lives in your server room and that building floods or loses power for days, you may have no backup at all.
Why small businesses need this more
Fresh data shows ransomware disproportionately affects small organizations. Verizon’s 2025 DBIR found ransomware in 44% of all breaches overall, but in only 39% of breaches at large organizations versus 88% at SMBs. Coveware’s incident data echoes it: in 2025, the median victim size was ~228 employees, and companies with 11–100 employees were the single largest share of victims. In short: attackers pick firms big enough to pay, small enough to lack enterprise defenses.
The 3-2-1-1-0 rule (plain talk)
- 3 copies: your working data and two backups
- 2 different places/types: e.g., onsite device and secure cloud backup
- 1 off-site: so weather, fire, or theft at HQ doesn’t take everything
- 1 locked (immutable/air-gapped): a copy that can’t be altered or deleted
- 0 errors when you test: run a restore and fix what breaks
Think of it like layers in a Wisconsin winter coat: if one fails, another keeps you warm.
A quick 10-minute self-check
- Where do your backups live? If “in the server room,” you need an off-site copy.
- Could ransomware delete your backups? If backups use the same admin logins as production, you need a locked copy.
- When did you last test a restore? If it’s >90 days, assume it won’t work under pressure.
- How fast could you be back? Write simple targets: “Files back in __ hours; accounting in __ hours.”
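One way to turn the 3-2-1-1-0 rule and the 90-day question above into a pass/fail check, as an added example that is not part of the original post. The `Copy` fields, the function names and both sample inventories are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Copy:
    name: str
    media: str        # kind of storage, e.g. "server-disk", "nas", "cloud"
    offsite: bool     # kept away from the main building
    immutable: bool   # locked / air-gapped: cannot be altered or deleted

def check_32110(copies, last_restore_test, restore_errors, today, max_age_days=90):
    """Score an inventory (working data included) against each part of the rule."""
    age = (today - last_restore_test).days if last_restore_test else None
    tested = age is not None and 0 <= age <= max_age_days
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in copies),
        "1 immutable": any(c.immutable for c in copies),
        # A restore that was never run, or ran too long ago, counts as a failure.
        "0 errors, recent test": tested and restore_errors == 0,
    }

def failures(result):
    """Names of the rule parts that did not pass, in rule order."""
    return [rule for rule, ok in result.items() if not ok]

# Constructed sample inventories (not real systems).
OFFICE_ONLY = [
    Copy("file server", "server-disk", offsite=False, immutable=False),
    Copy("NAS in server room", "nas", offsite=False, immutable=False),
]
LAYERED = OFFICE_ONLY + [
    Copy("cloud backup with retention lock", "cloud", offsite=True, immutable=True),
]

if __name__ == "__main__":
    today = date(2025, 9, 1)
    cases = [
        ("office only", OFFICE_ONLY, date(2025, 3, 1), 0),
        ("layered", LAYERED, date(2025, 8, 15), 0),
    ]
    for label, inventory, tested_on, errors in cases:
        failed = failures(check_32110(inventory, tested_on, errors, today))
        print(label, "PASS" if not failed else "FAIL: " + ", ".join(failed))
```

The office-only inventory passes the "2 media types" line yet fails everything else, which is the server-room scenario described earlier: two devices in one building are still one flood away from zero copies.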
Your quarterly “Can we restore?” drill (easy version)
- Pick one system that matters (files, accounting, key app).
- Restore it somewhere safe (spare PC, lab server, or cloud sandbox).
- Do a normal task (open a file, run a report, log in).
- Time it and screenshot start to finish.
- Write one page: what worked, what didn’t, how long it took, and what to improve.
That one-pager doubles as evidence for leadership, auditors, and cyber-insurance.
What “good” looks like (owner’s view)
- Off-site and locked: One backup lives away from your building and can’t be changed or deleted.
- Quarterly test: You’ve timed at least one real restore in the last 90 days.
- Simple targets: “Files back in 4 hours, app back in 8.”
- No single point of failure: If the server room is underwater or without power, you still have a copy.
FAQ (fast answers)
We back up to a box in our office. Enough?
Not for floods, fires, or theft. You need off-site and locked copies.
Cloud backups sound pricey.
Usually cheaper than downtime. Start with your must-have systems and expand.
How often should we test?
Quarterly and after big changes (new server/app/major update).
Next step: Free 15-minute Resilience Check
We’ll map your backups to 3-2-1-1-0, run a mini restore drill for one system, and send a clear pass/fail report with fixes, no jargon.