Ransomware Tactics Exposed: Veeam Uncovers Focus on Backup Storage

By Greg Tavarez, TMCnet Editor  |  May 30, 2023

Organizations of all sizes are finding themselves increasingly vulnerable to ransomware attacks. It makes sense, given the increasing sophistication of cybercriminals and their ability to exploit vulnerabilities in IT systems. The financial incentives for hackers are also a factor, as ransomware attacks prove to be highly lucrative with minimal risk.

To shed light on this trend, Veeam revealed in its 2023 Ransomware Trends Report that nearly one in seven organizations will witness the compromise of almost all their data because of a significant gap in protection that businesses must urgently address.

These unfun findings make it evident that attackers have honed a collective focus on one critical aspect:


During cyberattacks, bad actors target backup repositories more than 93% of the time, successfully hampering victims' recovery capabilities in 75% of cases. This highlights the importance of employing immutability and air gapping methods to safeguard backup repositories.

Now, let’s backtrack just a bit. After experiencing a ransomware attack, IT leaders are confronted with two choices: They either pay the ransom or restore what they can from backups.

IT leaders should be aware here that the payment of a ransom unfortunately does not guarantee recoverability. Yet, according to the report, 80% of surveyed organizations chose this option to terminate attacks and regain access to their data. Out of that percentage, an additional 21% failed to retrieve their information, even after making the payment.

So, it comes down to the IT leaders to figure out how to avoid paying a ransom when it won’t even guarantee recoverability. A counter to this lies in leveraging backups for recovery. While implementing best practices (such as securing backup credentials and automating cyber detection scans of backups) proves beneficial, the key comes from ensuring immutability. This means that IT leaders need to utilize immutable clouds and employ immutable disks.

There are signs that IT leaders are implementing these best practices. However, less than 20% of organizations avoided paying ransoms by leveraging their backups for recovery, according to the report.

And when respondents were asked how they ensure that data is clean during restoration, not even half of the respondents had completed some form of isolated-staging to re-scan data from backup repositories prior to reintroduction into the production environment. This means that the majority of organizations run the risk of re-infecting the production environment by not having a means to ensure clean data during recovery.

“We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance,” said Danny Allan, Chief Technology Officer at Veeam.

Overall, the cyberthreat landscape continues to evolve and ransomware attacks continue to proliferate. Organizations must heed the wake-up calls presented by sources like Veeam, especially the need to reinforce data protection strategies, fortify backup repositories against attacks and enhance alignment between cyber and backup teams.

These proactive measures enable organizations to mitigate the impact of ransomware attacks and ensure the resiliency of their operations in an increasingly hostile digital world.

Edited by Alex Passett