{
	"id": "90f9fa0f-a05f-4042-afff-55ba7e4346f5",
	"created_at": "2026-04-06T00:22:19.20896Z",
	"updated_at": "2026-04-10T03:20:53.018206Z",
	"deleted_at": null,
	"sha1_hash": "b3cffb4ab63e6b4323555a768ec5afea9070a160",
	"title": "Popular Backup Solution are Easily Disabled by Recent HILDACRYPT Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39042,
	"plain_text": "Popular Backup Solution are Easily Disabled by Recent\r\nHILDACRYPT Ransomware\r\nBy AcronisThreatResearchUnit\r\nPublished: 2019-10-24 · Archived: 2026-04-05 22:37:43 UTC\r\nWe recently analyzed a new ransomware strain named HILDACRYPT. As we explained, this ransomware\r\nspecifically targets backup and anti-virus solutions from vendors including Veeam, Symantec, Veritas, Carbonite,\r\nSophos, MBAM, McAfee, and ESET. While HILDACRYPT also targets Acronis solutions, our AI-based anti-malware defense that is integrated into Acronis Cyber Backup and Acronis True Image can detect this ransomware\r\nand stop the threat.\r\nWe decided to check a couple of backup solutions in the list to see what happens if there is a HILDACRYPT\r\ninfection on the machine.\r\nOur specialists installed the newest trial versions of Veeam Backup and Replication and Veritas BackupExec,\r\nand ran the HILDACRYPT ransomware sample we recently reviewed in our blog.\r\nUnfortunately for users of these products, the results are mostly not positive.\r\nVeeam Backup and Replication\r\nWhen hit with the HILDACRYPT ransomware, two Veeam services were stopped: vPower NFS Service and Data\r\nMover Service.\r\nAccording to Veeam, the vPower NFS Service enables the following features:\r\nRecovery verification\r\nInstant VM Recovery\r\nStaged restore\r\nUniversal Application-Item Recovery (U-AIR)\r\nMulti-OS file-level restore\r\nThe Data Mover Service obtains job instructions and communicates with the source-side counterpart to begin data\r\ncollection. 
While copying, the source-side Veeam Data Mover performs additional data processing (filtering out\r\nzero data blocks, blocks of swap files and blocks of excluded VM guest OS files), compresses and deduplicates\r\nVM data blocks, and moves them to the target-side Data Mover Service.\r\nSince those tasks were stopped, we can conclude that any kind of restoration is unlikely to be successful after this\r\nattack. And if data is corrupted or encrypted, a machine or server won’t get data back in an easy or timely manner.\r\nVeritas BackupExec\r\nThis test resulted in the worst-case scenario: ALL services were stopped by HILDACRYPT. After that, the bad\r\nguys can encrypt or delete the backups and do whatever they want with the data.\r\nHildacrypt closing down Veritas\r\nConclusion\r\nHILDACRYPT may be the newest example, but Acronis has warned users and companies for a long time that\r\nmodern ransomware strains are targeting backup software, files, and agents. For true protection of valuable data,\r\nmodern solutions must have the ability to protect themselves from these attacks.\r\nAcronis invested a lot of research and technology into countering this threat, which is why the integrated Acronis\r\nActive Protection technology has been proven in independent testing to give our solutions a high level of self-defense.\r\nUnfortunately, many of our competitors’ products do not deliver the same level of protection...which you ought to\r\nkeep in mind when choosing a solution to safeguard your valuable data.\r\nSource: https://www.acronis.com/en-eu/blog/posts/popular-backup-solutions-easily-disabled-recent-hildacrypt-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.acronis.com/en-eu/blog/posts/popular-backup-solutions-easily-disabled-recent-hildacrypt-ransomware/"
	],
	"report_names": [
		"popular-backup-solutions-easily-disabled-recent-hildacrypt-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434939,
	"ts_updated_at": 1775791253,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3cffb4ab63e6b4323555a768ec5afea9070a160.pdf",
		"text": "https://archive.orkl.eu/b3cffb4ab63e6b4323555a768ec5afea9070a160.txt",
		"img": "https://archive.orkl.eu/b3cffb4ab63e6b4323555a768ec5afea9070a160.jpg"
	}
}