The backup has to be offline, disconnected from the computer that gets infected.
“Keeping a backup copy of vital data is a good way of reducing the damage of a ransomware attack: it allows companies to get systems up and running again without having to pay off the crooks. But that backup data isn’t much good if it’s also infected with ransomware — and thus encrypted and unusable — because it was still connected to the network when the attack took place.”
Look, I get it, offline backups are kind of a pain. You have to make the copy, pull it offline, then go do it again at some point, on and on and on. Online, automatic backups are so much easier.
Except when your network gets hit and they encrypt everything attached to it.
Then you’ll wish you had an offline backup.