"The destructive power of complacency."

Ep 225 Danny Allan on Why Ransomware IS a Disaster, and VeeamON 2022 News - May 28, 2022

Global estimated damages from Ransomware attacks...

"96% of Veeam customers cut their average ransomware recovery costs under $5,000. 76% of Veeam customers have to spend NOTHING AT ALL"  - Cybercriminals are notoriously responsive to defenses which cut into their profitability!! 

"Don't wait for the problem to be a problem!"

Hackers of CypherCon: Ransomware and NIST Cybersecurity Framework with Randy Lee

Comprehensive Guide to Ransomware Protection With Veeam - Technical - August 8, 2023 - 6 min to read

Please SCROLL DOWN for "Ten tips to prevent ransomware attacks using Veeam."

Important Ransonware information (Click Here)



"Ransomware works by encrypting user's files through asymmetric encryption methods. The attacker then demands money in exchange for decrypting the files. There are several ways ransomware can attack and encrypt files, with varying degrees of complexity."

What is an example of a Ransomware attack?

"Bad Rabbit is a 2017 ransomware attack that spread using a method called a 'drive-by' attack, where insecure websites are targeted and used to carry out an attack. .Bad Rabbit used a fake request to install Adobe Flash as a malware dropper to spread its infection." Five of the most significant ransomware attacks in 2020 include: Maze, REvil, Ryuk, Tycoon, NetWalker.

How do I get Ransomware?

"There are several different ways that ransomware can infect your computer. One of the most common methods today is through malicious spam (or malspam), which is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments, such as PDFs or Word documents."

What's the trend for Ransomware?

"According to Trend Micro, computer criminals continue to show an interest in ransomware, as well as cheap offerings associated with deepfake services on underground web marketplaces. Malwarebytes noted that malicious actors could ultimately combine these two threats together into “deepfake ransomware” attacks". Aug 4, 2020

What percentage of people pay the ransom?

"In 2018, 39 percent of ransomware victims paid the ransom. In 2019, that number rose to 45 percent. Today, as many as 58 percent of ransomware victims, from every industry, have paid ransom. Apr 3, 2020"

Can Ransomware be removed?

"Every filecoder has its own method of encryption, which means you can't simply remove it like other forms of malware. To avoid being studied and decrypted, most ransomware programs delete themselves after a set period of time. Sep 25, 2019"

3-2-1 (Click Here)

A - VSS Integration (Click Here)


B - Storage Integration (Click Here)


C - Data Integration APIs (Click Here)


D - SureBackup / Clean DR (Click Here)


E - Instant Recovery / Secure Restore / Clean DR (Click Here)


F - CDP/Sync Replication (Click Here)


H - VBR Server - MFA/Multi-Factor Authentication (Click Here)


G - Replicas/Async Replication (Click Here)


I - VBR Server - Encryption and Infrastructure Hardening (Click Here)


J - VBR Server - Configuration Backup (Click Here)


K - VBR Server - POLP/Separate Authentication Framework (Click Here)


L - Veeam One Server - Enable Alarm Notifications - "Possible Ransomware Activity" (Click Here)


N - Veeam One Server - Enable Activity Scans - "Suspicious Incremental Backup Size" (Click Here)


O - VRO (Click Here)


P - Deduplication Appliance (Click Here)


Q - Hardened Linux Repo (Click Here)


R - On Premise Object Storage with Immutability (Click Here)


S - In Cloud Object Storage with Immutability (Click Here)


T - Tape Backups (Click Here)


TEN tips to prevent ransomware attacks using Veeam

Your Ransomware plan needs to be provable, documented, reliable, AND tested.

...in short, GET SMART by using a layered defense: "Protect"-"Detect"-"Recover" (NIST)

...AND be sure to protect your Microsoft Office 365 against a BEC ("Business Email Compromise") with VBO.

Great read from Brad Linch:  


A new whitepaper: Veeam Backup & Replication V12 enhanced security and scalability with object storage Secure Mode

Posted on May 4, 2023 by Luca Dell'Oca

"The linked whitepaper titled "Veeam Backup & Replication v12: Enhanced Security and Scalability with Object Storage Secure Mode" discusses the new features in Veeam Backup & Replication v12, specifically focusing on enhanced security through Object Storage Secure Mode. It highlights the importance of data protection, introduces the secure mode feature that prevents unauthorized access and modifications, and emphasizes the scalability benefits of using object storage repositories. The whitepaper concludes by emphasizing the advantages of Veeam Backup & Replication v12 and the need for a robust backup strategy."

Попробуйте этот странный трюк, который ненавидят русские хакеры (Click Here)...

Try this one weird trick Russian hackers hate...

"In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick."

"Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they’re detected the malware will exit and fail to install."

“This is for their legal protection,” Nixon said. “Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware.

"To install a different keyboard language on a Windows 10 computer the old fashioned way, hit the Windows key and X at the same time, then select Settings, and then select “Time and Language.” Select Language, and then scroll down and you should see an option to install another character set. Pick one, and the language should be installed the next time you reboot. Again, if for some reason you need to toggle between languages, Windows+Spacebar is your friend."


Here are few recommendations for remediation that should be at your disposal should a ransomware incident happen... (Click Here)

QUESTION: Pre-authorization (CRITICAL): Do you have authority (pre-authorization) to take action in the event of a cybersecurity incident?

"THE WORD FROM GOSTEV" - Sun 2/13/2022 - 5:50 PM... (Click Here)

Anton Gostev
SVP, Product Management at Veeam Software.
The guy behind Veeam Backup & Replication.

"I've spent many years now advocating for the usage of air-gapped (offline) or immutable backup storage in these newsletters - and I'm happy to see many customers now rushing to implement this best practice. Our support big data indicates that the number of such installs nearly doubled in the last less than 2 years, thanks to heightened ransomware concerns in particular. But for me, it also means that I can reduce ringing this same bell and change the tune to covering a bit different scenario: "We have a solid backup strategy. What else should we do now – and what do we do when the attack actually happens"? I hope that sharing what I learnt from the customers who've been through this will help better prepare everyone to face the same, as unfortunately the reality is such that it's unavoidable for most of us.

First, do the following as soon as possible:

Once you become aware of the on-going attack:

What is the "Internet Crime Complaint Center IC3"? (Click Here)

You should file a complaint with the IC3 if you believe you have been the victim of an Internet crime or if you want to file on behalf of another person you believe has been such a victim.

"IC3's purpose is to serve as a central hub to receive, develop, and refer criminal complaints regarding the rapidly expanding occurrences of Internet crime. The IC3 gives victims a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations on the Internet. IC3 develops leads and notifies law enforcement agencies at the federal, state, local and international level."

Companies can also contact their local FBI field office. It will ask for the following information...

What are the "US-CERT Federal Incident Notification Guidelines"? (Click Here)

Companies can also report ransomware to CISA. Like reporting to the FBI, CISA has specific ransomware reporting requirements...

"Agencies must report information security incidents, where the confidentiality, integrity, or availability of a federal information system of a civilian Executive Branch agency is potentially compromised, to the NCCIC/US-CERT with the required data elements, as well as any other available information, within one hour of being identified by the agency’s top-level Computer Security Incident Response Team (CSIRT), Security Operations Center (SOC), or information technology department. In some cases, it may not be feasible to have complete and validated information for the section below (Submitting Incident Notifications) prior to reporting. Agencies should provide their best estimate at the time of notification and report updated information as it becomes available. Events that have been found by the reporting agency not to impact confidentiality, integrity or availability may be reported voluntarily to US-CERT; however, they may not be included in the FISMA Annual Report to Congress."

"The Cybersecurity and Infrastructure Security Agency (CISA) is a standalone United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018."

Video: Dealing with a Ransomware Attack: A full guide... (Click Here)

Video: Dealing with a Ransomware Attack: A full guide (10 min)

There are two main types of ransomware: locker and crypto ransomware, each with many variants (Click Here)...

Locker Ransomware: It works by preventing system administrators from reaching their systems by denying access to computing resources, and then demanding a ransom to regain access. Imagine a cybercriminal changing the administrator and root passwords in your corporate servers or cloud servers.

Crypto Ransomware: it works by encrypting the organization’s data, taking it hostage until the victim pays the ransom and obtains the decryption key from the attacker; otherwise, data is destroyed. Crypto ransomware is the most dominant threat and the focus of this article.

Island hopping, also called leapfrogging or pivoting, is a cybersecurity exploit in which an attacker gains access to an intended target by initially exploiting the employees and supply chain partners who have access to the target's network. 

In this type of lateral attack, the threat actor exploits a weakness downstream from the actual target and uses it as a launching point to reach the intended target. The term island hopping is inspired by a military strategy used in the Pacific theater during World War II. 

Generally, island hopping attackers pick employees, customers and smaller companies that work with the target organization, hoping that their cyberdefense will be weaker than the ultimate target. Island hopping attacks often begin through phishing exploits in which the attacker disguises themselves as a reputable entity in an email or other communication channel. Continue reading about island hopping attacks...

What is a dropper?

What is a Trojan Horse?

Ransomware Attacker Stages (Click Here)...



CORE TO SECURITY: The CIA triad is a guiding principle that many organizations use to create their information security policies, processes and procedures... (Click Here)

CIA stands for confidentiality, integrity and availability. Each component of the triad plays an important role in maintaining data integrity...


What is the CIA Triad? Confidentiality, Integrity, Availability

02 - Security (CIA) Triad 

CIA Triangle: The Core of Cybersecurity 

Great ways to safely simulate and assess the risk of phishing success... (Click Here)

KnowBe4 can be used for security awareness that goes beyond end user and administrator education .  This service is a provides security awareness training with the added benefit of simulated phishing attacks . 

Aside from KnowBe4, there are open-source resources in place to help with phishing as well .  One example is Gophish, which allows you to create dashboards and send emails to see if your recipients will actually click on phishing emails .  You can set up a phish test in just minutes .

How do you write a Warning/Alert email about Ransomware to your Users? (Click Here)

How do you write a Warning/Alert email about Ransomware to your Users? by one2254 on Apr 8, 2017 - Spiceworks

Dear End User,

Ransomware is a type of encrypting malware that encrypts important company files and holds them for ransom. Ransoms typically range from hundreds to thousands of dollars. Cybercriminals made over $1billion dollars last year from businesses attacked by ransomware and since these cybercriminals have learned to monetize attacks; their frequency and severity of attacks will continue to grow exponentially. 

You should be aware that most ransomware attacks come in the form of an email attachment and you should exercise extreme caution when opening email attachments. Never open an attachment in an email you were not expecting to receive or that you do not recognize the sender. You should use the same caution when presented with URL's that you do not recognize or came from an unknown sender. 

With today's advanced ransomware techniques you only have to visit a website to become infected with ransomware. Let me make that clear. You DO NOT have to click anything on the website to infect the company with data encrypting ransomware. 

In 2017 alone:

These numbers are scary but important for you to know. As an employee of (company ABC) you are our first line of defense against ransomware. Please follow the best practices as outlined in this email to ensure you do your part to keep ransomware off the company network. Failure to do so could result in significant downtime and monetary cost to (company ABC) and we all need to be vigilant in stopping these attacks.

If you have further questions about ransomware and how you can help prevent it from infecting (company ABC)'s network; please reach out to support@companyabc.com or call the help desk at 1-555-555-5555.

Thank you,
IT Department

The FBI's Perspective on Ransomware (Click Here)


CLICK HERE additional information on Ransomware...

Keep in mind that...

Useful references...

FBI’s keys for protection...

BONUS: 20 Ransomware tips from Joe Marton and Rick Vanover... (Click Here)

NOTE: Please contact Randy Lee for specifics and the presentation in its entirety.