When all else fails we reach for the backups. However, increasingly the bad guys are consciously seeking out your backups and deleting them as part of elaborate ransomware routines to force you to pay to recover your data.
This can range from something as simple as the bad guys deleting your volume shadow copies to something as complex as finding and deleting the backups you are storing on your network.
CSI's Paladin CyberSentinel Endpoint Detect & Respond hardens the volume shadow services so they can withstand a malware attempt to destroy the first line of your data recovery strategy.
However, it is important to develop a defensive posture with your backups and make sure that you have "air-gapped" backups. By that, we mean you have backups which are "disconnected" from your network. For example, if your domain admin credentials were compromised on your network, they wouldn't work on your backup server. Alternatively, the backups are physically disconnected from your network (such as removable disk storage).
If you are participating in a BOCES backup CoSer, your CommVault backups are air-gapped from your network. If you are doing something yourself, such as Veeam, we strongly recommend that the backup server and the storage shares holding the backups be completely independent of your main network, using different passwords and having very limited access.
If you are doing your own backups, but are not air-gapping them, I strongly advise you to add this into your configurations. If you need help with that task, let us know.
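
One way to check the separation recommended above on a Windows backup server, such as one running Veeam (an added example, not CSI's or any backup vendor's own tooling). It assumes an elevated PowerShell session on the backup server itself and that every non-administrative SMB share on that server holds backups.

```powershell
# Added example: audit a backup server for access paths that still depend on the main domain.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. A domain-joined backup server accepts domain credentials by design.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings.Add("Server is joined to domain '$($cs.Domain)'")
}

# 2. Local Administrators should contain local accounts only.
#    The group is resolved by its well-known SID so the check works on localized systems.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { "$($_.PrincipalSource)" -ne 'Local' } |
    ForEach-Object { $findings.Add("Non-local administrator: $($_.Name) [$($_.PrincipalSource)]") }

# 3. Share permissions on every non-administrative share (assumed to be backup repositories).
$localPrefixes = @("$env:COMPUTERNAME\", 'BUILTIN\', 'NT AUTHORITY\')
$broadGroups   = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
foreach ($share in Get-SmbShare -Special $false) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        $acct = $ace.AccountName
        $isLocal = $false
        foreach ($prefix in $localPrefixes) {
            if ($acct.StartsWith($prefix, 'OrdinalIgnoreCase')) { $isLocal = $true }
        }
        if ($broadGroups -contains $acct) {
            $findings.Add("Share '$($share.Name)': broad group $acct has $($ace.AccessRight)")
        } elseif (-not $isLocal) {
            $findings.Add("Share '$($share.Name)': non-local account $acct has $($ace.AccessRight)")
        }
    }
}

# Report: any finding is a route by which a compromised domain account could reach the backups.
if ($findings.Count -eq 0) {
    Write-Output 'No domain-dependent access paths found.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

The script cannot tell whether a local account on the backup server reuses a password from the main network, so that part of the recommendation still has to be verified by hand.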