Disk-based backups offers a tremendous amount of benefits on operations – smaller windows (lower impact from backup), more frequency ( more recovery points offers less risk of data loss), more consolidation ( infrastructure reduction, simpler to manage and add capacity), better efficiency ( deduplication reduction in resources, time, storage, etc.) and much faster recovery across the spectrum.
Disk-based backups have different implementation methods on copy management from persistent snapshots maintained on the source volumes, to secondary copy repositories managed in near-line (data is not directly mounted from the production host), secure areas, to far-line copy repositories managed on different sites and infrastructure formats (such as cloud storage services or different hardware combinations).
Ransomware may take longer to find than other types of malware. During that time it may compromise and corrupt files in production volumes. It can also delete any direct attached copy sets (such as snapshots or file copies).
Data copies stored on backup copy repositories can prevent rogue users from deleting the data, if the system is implemented in a hardened manner with strong security roles/access rights to minimize the risk of that system being compromised over the network.
It is important to be careful in configuring remote offices where the backup copy collections are implemented on the production host (to save on infrastructure costs). If the host is compromised at a root account then that copy set can be lost. Remote copy management strategies should use several “baskets” to store the data copies to avoid such risks and allow full system recovery if a production data set was lost.
Recently, the practice of creating external persistent backup copies has been stopped in preference to relying on local snapshots. However the snap collection can be deleted by OS root users. A tiered copy management strategy can minimize risk, while affording the right options and efficiencies to create data assurance and insurance on recovery and minimize infrastructure costs.
Tape is certainly a “safer” option in avoiding the risk of a root user deleting online collections... but most environments have outgrown the ability of tape to suffice in providing an active recovery tier to keep pace with the business. The better answer is creating the copy repositories, ensuring the configuration is hardened, and managing at least two baskets to avoid the immediate risks.