Predatar and Adicom© find ransomware files that other security products had missed.
On 15th June 2025, the team at Adicom received a real-time alert from Predatar relating to one of their customers. It said:
Predatar has identified a suspicious file named Ransom.HTML.LOCKY.SM.note in *Customer X’s* backup environment during the current scan process.
This file is a known ransomware-related HTML document typically used by the Locky ransomware family to deliver ransom instructions after encrypting files. Although this file appears to be a ransom note rather than active malware, its presence indicates that malicious activity may have occurred or may still be occurring in the environment or backups.
We recommend checking the original source of this backup data immediately to understand why the environment contains this file.
Predatar had only been installed on this customer’s environment for 6 days, and with the help of the built-in automation and AI, it had been systematically working through all of the backups – hunting down potential recovery issues and hidden malware.
Adicom’s Chris Hogrefe explains. “When it comes to cyberattacks, every second can count. We received a notification from Predatar, highlighting a potential issue before the scan of the compromised workload had even been completed.
The workload in question was a business-critical virtual machine based on VMWare. The very first time it was restored and scanned for malware signatures with Predatar, a potential problem was uncovered.
What had happened?
Back in 2016, the customer fell victim to a ransomware attack that resulted in the complete encryption of all company data.
As part of an extensive response and recovery process the IT infrastructure was rebuilt, and all ransomware files were manually removed. Or that’s what the customer thought…
Almost 10 years later, Predatar found an HTML file in a folder during its first scan, which was created during the attack. It included the original ransom demand message and payment information for decryption.
None of the antivirus programmes running on the customer’s IT networks had found these files or classified them as anomalies, yet thanks to the totally unique way that Predatar works, they were found and could be removed. The customer was able to breathe a sigh of relief and delete the last remnants of the ransomware attack.
Why does this matter?
In this instance, the malicious files were a legacy from a historic attack. They didn’t pose an active threat. But all-to-often, live malware does find its way into backup environments. In fact, Predatar has found malware in the backups of more than 80% of its customers. In many cases that malware did have the potential to cause serious damage.
Until now, Predatar had not uncovered malicious files that had been hidden for so long. This story goes to show that the cyber security practices that are typically used in businesses today are not as robust as they need to be.
Do you have malware in your backups?
The truth is, you simply don’t know if you have malware in your backups, but our stats suggests that you probably do. Not knowing is a big risk. Predatar uses some of the most sophisticated enterprises security tools and deploys them in a totally unique way to hunt-down threats that other solutions simply can’t find. Visit predatar.com to learn more, or book a demo here.
Adicom and Predatar
Adicom is a leading Backup & Recovery services provider in Germany. Thanks to their extensive technical knowledge and their relentless focus on customer experience they have been selected as one of Predatar’s elite APEX partner.s Together Adicom and Predatar is delivering unrivalled recovery confidence for medium and large enterprises in Germany.
“Predatar has already shown that even undetected malware anomalies can be found reliably and accurately. In addition, Predatar has once again shown that partnership, support and communication form the stable basis for a long-term relationship”
– Chris Hogrefe, Adicom
Learn more about Adicom’s services here.
