Ransomware groups are no longer just encrypting data — they’re going straight for the backups. And if those backups aren’t properly protected, recovery becomes impossible and ransom payouts become more likely. In this episode, we dive deep into how threat actors are exploiting critical vulnerabilities in widely used backup systems, focusing on the recently disclosed CVEs affecting Veeam Backup & Replication.
We explore CVE-2025-23121, a critical remote code execution flaw already being weaponized in the wild, and CVE-2025-24287, a privilege escalation vulnerability that opens the door for deeper compromise. These aren’t theoretical risks — these are the exact tactics used by ransomware groups like Cuba and FIN7 to dismantle organizations’ last lines of defense.
The discussion goes further into why backup hardening isn’t optional anymore. We break down what it means to implement the 3-2-1-1-0 backup strategy effectively and why immutability, offsite storage, and automated testing are the bare minimum for survival. You’ll also hear hardening best practices — directly from real-world sysadmins — including isolating Veeam servers from the domain, restricting access with the principle of least privilege, and enforcing MFA.
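As an added illustration (not code from the episode, and not Veeam’s own tooling), here is a small inventory check against the 3-2-1-1-0 rule as it is commonly stated: three copies, on two media types, one offsite, one immutable or offline, with zero errors on restore verification. The `BackupCopy` fields and the two sample inventories are constructed for this example.

```python
"""Evaluate a backup inventory against the 3-2-1-1-0 rule (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str          # e.g. "disk", "object", "tape"
    offsite: bool       # stored in a different site or region
    immutable: bool     # WORM / object lock / air-gapped (cannot be altered by a compromised admin)
    verified_ok: bool   # most recent automated restore test passed


def check_3_2_1_1_0(copies):
    """Return a dict mapping each violated rule to an explanation; {} means compliant."""
    failures = {}
    if len(copies) < 3:
        failures["3 copies"] = f"only {len(copies)} copies present"
    media = {c.media for c in copies}
    if len(media) < 2:
        failures["2 media"] = f"all copies on one media type: {sorted(media)}"
    if not any(c.offsite for c in copies):
        failures["1 offsite"] = "no copy is stored offsite"
    if not any(c.immutable for c in copies):
        failures["1 immutable/offline"] = "no copy is immutable or air-gapped"
    unverified = [c.name for c in copies if not c.verified_ok]
    if unverified:
        failures["0 errors"] = "copies failing or lacking restore verification: " + ", ".join(unverified)
    return failures


# Constructed sample: the weak setup the episode warns about (two online, mutable disk copies,
# one of them never test-restored). A ransomware operator with admin rights can wipe both.
WEAK = [
    BackupCopy("primary-repo", "disk", offsite=False, immutable=False, verified_ok=True),
    BackupCopy("secondary-repo", "disk", offsite=False, immutable=False, verified_ok=False),
]

# Constructed sample: a compliant layout with a hardened (immutable) repository and an
# offsite object-lock copy, all three passing automated restore tests.
STRONG = [
    BackupCopy("primary-repo", "disk", offsite=False, immutable=False, verified_ok=True),
    BackupCopy("hardened-repo", "disk", offsite=False, immutable=True, verified_ok=True),
    BackupCopy("cloud-objlock", "object", offsite=True, immutable=True, verified_ok=True),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, check_3_2_1_1_0(inventory) or "compliant")
```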
But protection doesn’t end at backups. We unpack broader ransomware defense strategies: network segmentation, browser isolation, file integrity monitoring, and behavioral logging through SIEM and EDR platforms. Learn how honey files, malware detonation environments, and strict firewall rules are helping defenders detect and contain attacks before they spread.
This isn’t about theory. This is about what ransomware operators are doing right now — and what it takes to stop them.
If you’re running backups without verification, hosting Veeam on a multi-role domain-joined server, or delaying critical patches, this episode is your wake-up call.