Disk backup security is the weak link that ransomware attackers exploit every day—and most backup admins don't even realize it. In this episode, Curtis and Prasanna examine how the move from tape to disk-based backups created an unintended security gap that threat actors now target as their first priority.
The transition to disk brought real benefits: deduplication made storage affordable, replication eliminated the "man in a van" for offsite copies, and backup verification became practical. But disk backup security wasn't part of the original architecture. When backups lived on tape, physical access was required to destroy them. Disk backups sitting in E:\backups can be wiped out with a single command.
Threat actors figured this out fast. After gaining initial access, the first thing they do is identify and eliminate your backups. No backups means no recovery—which means you pay the ransom.
Curtis and Prasanna discuss the history of how we got here, why backups are now the number one target, and practical solutions including obfuscation, getting backups out of user space, and implementing truly immutable storage. The standard is simple: if you can't delete the backups, they can't delete the backups.
TIMESTAMPS:
0:00 - Episode intro
1:24 - Welcome & introductions
4:04 - Tape explained for the modern audience
9:07 - Why tape got faster (and problematic)
10:54 - The shoe-shining problem
12:27 - Deduplication changes everything
15:35 - Benefits of disk-based backup
20:29 - THE PROBLEM: RM -r / DEL .
23:43 - Backups are the #1 ransomware target
26:26 - Immutability as the solution
27:32 - Book: Learning Ransomware Response & Recovery
