Gil Hecht

The Escalating War on Enterprise Backups — and How to Fight Back

  • November 5, 2025


According to recent research by Trend Micro, the ‘Agenda’ ransomware group (aka “Qilin”) has evolved its attack chain to focus on the “last-mile” of enterprise systems — namely backup infrastructures. They specifically target backup systems to harvest credentials, disable recovery options, and thereby magnify impact on critical infrastructure.

Since January 2025, the ransomware group has affected 591 organizations across 58 countries. Most victims were in the US, Canada, and UK – with financial services, healthcare, and manufacturing among the hardest hit.

According to the research, any environment using centralized backup solutions or hybrid Windows/Linux infrastructures is at risk.

Industry Report Reveals Widespread Risk 

These numbers may sound shocking, but they do not come as a surprise. Continuity’s annual primary research, The 2025 Security Maturity of Storage & Data Protection Systems, assessed 323 enterprise environments encompassing 11,435 backup and storage systems, and the findings were alarming:

Key Findings: 

  • 6,085 distinct security issues uncovered – spanning over 390 failed security principles 
  • On average, each backup and storage system contained 10 security risks, 5 of which were classified as high or critical 
  • The most common risk areas included:
    • Authentication & identity management 
    • Access control & authorization gaps 
    • Unaddressed CVEs 
    • Improper use of ransomware protection features 
    • Encryption misconfigurations

This data reinforces the growing reality that most backup and storage environments remain significantly under-secured – despite mounting threats. 

The Trend: Targeting Backup as a Primary Attack Vector 

Attackers are zeroing in on backup systems as prime targets. Why? Because these systems are the last line of defense – and compromising them disables recovery, facilitates ransomware extortion, and opens pathways to broader lateral movement. 

One high-profile example: the largest data breach in history, at UnitedHealth, where attackers successfully disabled the company’s backup environment, preventing data recovery and causing months-long operational disruption.

Why Backup Systems Are High-Value Targets 

Backup systems are foundational to enterprise data resilience. By compromising them, attackers can: 

  • Neutralize recovery capabilities (especially in ransomware attacks) 
  • Exfiltrate sensitive data 
  • Destroy or corrupt primary data or backup data copies 
  • Use these platforms as stealthy pivot points to compromise broader IT environments 

Despite their criticality, these systems are often under-secured. Many security teams lack visibility, tooling, or expertise to adequately defend them. 

Conclusion: The Back-End is Now The Front-Line 

The recent wave of attacks is a stark reminder: backup systems are not just infrastructure – they’re high-value assets under direct attack. It’s time they receive the same security scrutiny and operational rigor as front-line systems.

Tools like StorageGuard are critical in bridging this gap and defending one of the most vulnerable layers of the modern enterprise. 

StorageGuard is the only Security Posture Management solution purpose-built for enterprise backup, storage, and data protection systems.

It scans, detects, and prioritizes vulnerabilities, security misconfigurations, and compliance gaps across multi-vendor backup and storage systems, enabling organizations to proactively secure their critical data infrastructure.

By bridging the security visibility gap in backup and storage layers, StorageGuard empowers IT and security teams to identify and remediate risks before they impact data availability, integrity, or confidentiality – strengthening an often-overlooked but vital part of the enterprise attack surface.
