09 January 2025

Is Your AIX Environment Safe from Ransomware?

AIX systems are often the IT backbone of medium and large enterprises. They power everything from critical financial systems to supply chain operations to industrial controls. Uptime is non-negotiable. However, while organisations have invested heavily in safeguarding virtualised environments and primary storage snapshots, AIX has often been left behind.

This isn’t an oversight; it’s due to technical hurdles. The proprietary nature of AIX systems, combined with their complexity, has made it difficult to perform recovery testing at scale. As a result, many businesses have no choice but to simply hope that their AIX backups will work when disaster strikes.

The AIX myth.

You’ve probably heard this one…

The often-accepted logic suggests that ransomware gangs are most interested in hitting the most widely used platforms like Windows and VMware, and that AIX simply doesn’t have the footprint to be worthwhile for attackers. While there is sense in the logic, it’s not that black and white.

While AIX might not be as prevalent as Windows or VMware, for the businesses that rely on it, AIX often holds the crown jewels of their data. Take down the AIX, and many organisations will be left totally unable to operate. Retail businesses will be unable to transact. Hospitals will be unable to access patients’ medical records. Production lines will grind to a halt.

Attackers want to cause maximum disruption in order to increase the size and likelihood of a ransom payout. When it comes to targets, AIX is a bullseye.

This isn’t just theoretical. There’s a growing trend of ransomware groups creating variants or modules to reach into UNIX-based systems, including AIX. Ransomware families like DarkRadiation and RansomEXX have already been engineered to strike Linux environments, meaning an AIX variant is just a tweak away. And given the potential payout from infiltrating the kind of critical data managed on AIX, it’s only a matter of time before ransomware gangs prioritise this OS.

More than just a good practice

AIX systems tend to be found in industries with high-value, business-critical data like finance, healthcare, and manufacturing. It’s no coincidence that these are the 3 industries most targeted by ransomware attacks, and no coincidence that these are amongst the most highly regulated industries.

With a raft of operational resilience regulations coming into force around the world (DORA, FISMA, PRA, and NIS2 to name a few), proof of effective recovery from AIX is becoming more than just good practice. For lots of organisations – it’ll be mandatory.

IBM and Trend Micro: Fortifying AIX and SAP Environments on Power

IBM’s collaboration with Trend Micro to bring Trend Vision One™ to Power servers reinforces the critical point… AIX isn’t immune to ransomware or cyber threats. Trend Vision One’s SAP Scanner, integrated with SAP NetWeaver and SAP HANA, actively scans for hidden threats, showing IBM’s commitment to securing these high-value environments. If AIX were untouchable, this level of security wouldn’t be necessary. For organisations relying on AIX for sensitive data, IBM’s partnership with Trend Micro validates the importance of a robust, proactive approach to cyber resilience.

Predatar’s Approach to Validating AIX Cyber Resilience

At Predatar, we’ve also taken up the challenge. Our latest product release, R17.3 Viper, brings Predatar’s full Recovery Assurance capability to AIX workloads. Customers heavily invested in IBM storage tech can now validate the cleanliness and recoverability of their Storage Protect/Plus VMs, their FlashSystem Safeguarded Copies and their AIX backups with a single Predatar licence and one Predatar CleanRoom.

AIX customers with multi-vendor storage environments benefit from this release too. Predatar supports Veeam, Rubrik and Cohesity backups, as well as immutable Pure Storage snapshots.

Our approach leverages the power of Predatar’s Aurora™ AI to continuously monitor and test backup environments, flagging potential threats and validating recovery workflows. In a world where ransomware attacks are increasingly sophisticated, it’s more important than ever to know that your backups are not just complete – but clean and secure.

The Importance of Scanning Backups

When ransomware strikes, it doesn’t always attack production data first. Sometimes it sneaks into backup data, hiding until an attempted recovery brings the infection back into the environment. Scanning backups of AIX is about making sure that in the worst-case scenario, when an organisation is recovering, it’s truly safe. A comprehensive scan can prevent re-infection, validate the security of recovery copies, and ultimately serve as the final line of defence against sophisticated ransomware strategies.

In short, for those organisations relying on AIX to protect their most valuable data, the stakes are too high to overlook cyber resilience.

Final Thoughts

The risk of ransomware is real and it’s growing. Cybercriminals will increasingly focus on big, critical targets, including AIX environments. By leveraging solutions like Predatar and IBM’s and Trend Micro’s Trend Vision One, organisations can gain confidence in their ability to detect, prevent, and recover from ransomware threats targeting AIX.

Protect your AIX systems like the crown jewels, because to a ransomware gang, that’s exactly what they are.

Visit the Predatar website to find out how Predatar can give you recovery confidence.
