Month: October 2025

At Predatar, we’re getting into the spooky season by watching some of our favourite scary movies. Here are five lessons from the original 1996 Scream movie to help you avoid a digital bloodbath.

⚠️ Warning! This blog contains spoilers. But seriously, if you haven’t seen Scream, where have you been for the last 29 years?

Locking the door isn’t enough

Countless times in this classic slasher movie, a door is locked to keep the killer out – but moments later, he’s inside, knife in hand, ready to strike. If you’ve seen Scream, you’ll know how he does it, but that’s not really important here. The point is this:

If someone really wants to get inside, they will.

Cybercriminals are just as determined, creative, and motivated. You might think your IT perimeter is locked down with leading enterprise cybersecurity tools, but the evidence tells us these defences are far from infallible – especially when you consider that over half of ransomware attackers use compromised login credentials to gain access to critical systems.

Hackers don’t hack anymore. They log in.

Lesson #1: Prepare for the breach. You need to know exactly how you’ll respond when the bad guys get in – because we all know that running up the stairs in a panic never ends well.

Anyone can be next

Just as certain industry sectors are at high risk from ransomware attacks, the Ghostface slasher in Scream has a “type”. Most of his victims are teenage girls (and their boyfriends), but there are a few exceptions. Principal Himbry of Woodsboro High School, for example, meets a particularly messy end when he’s stabbed in his office and left hanging from the football goalposts.

Does his murder drive the plot? Not really. But it adds tension, and reminds us that the attacker is calling the shots. He’s unpredictable. Anyone could be next.

When it comes to ransomware, the same is true. While industries such as manufacturing, financial services, healthcare, and utilities are at highest risk, the reality is that any organisation can be hit.

Lesson #2: Don’t be complacent. Face up to the fact that your organisation could be a target.

Attackers do their homework

In the opening (and, in our opinion, the most intense) scene, the phone rings. The sinister voice on the other end walks Casey through a sequence of ‘games’, culminating in the gruesome deaths of her and her boyfriend, Steve. The double murder takes just minutes to play out – but it’s been planned impeccably.

The attacker knows everything about the victim and her home. He knows the floor plan. He knows where the exits and light switches are. He even knows how she’ll react to certain triggers.

Just eleven minutes after Casey first picks up the phone, her disembowelled body is hanging from a tree while her boyfriend sits duct-taped to a deckchair, his vital organs exposed. But here’s the thing, for that attack to run like clockwork, there had to be weeks of surveillance and planning.

That’s the modus operandi for ransomware attackers, too. They conduct detailed reconnaissance before executing a clinical and devastating attack.

In more than 90% of ransomware incidents, surveillance tools such as keyloggers and infostealers have been found inside victims’ systems. If you can catch attackers in this reconnaissance phase, you can stop an attack before it begins.

Lesson #3: Assume you’re already under surveillance. Look for the digital clues of hacker reconnaissance in your IT environment – every day.

The odds are against you

For the masked slasher, each murder is a game – but it’s a game he’s designed himself, so the odds are stacked in his favour. This is best illustrated when he tells Sidney,

“I ask a question… Get it wrong, you die. Get it right, you die.”

All too often, ransomware attacks are lose–lose situations too. Paying the ransom doesn’t guarantee anything. Of the organisations that pay, only 8% get all of their data back.

Worse still, double extortion is now commonplace. Even if you’re “lucky” enough to have your data decrypted after paying a ransom (which typically costs more than $1 million USD), the attackers may deliver a second ransom demand – threatening to publish your sensitive data on the dark web.

But – big spoiler alert –Sidney doesn’t die. She outsmarts the attackers. She refuses to play their game. And you can too.

The best way to survive a ransomware attack is to stop the game before it begins. Thanks to Predatar’s recovery-driven threat detection, you can detect and prevent attacks before they start.

Lesson #4: Think differently. Outsmart the attackers with new and innovative solutions.

Timing is everything

The attacks in Sidney’s and Casey’s homes take place when their parents are out — they’re home alone. Of course, this isn’t a coincidence; it’s an integral part of the killer’s plan.

Ghostface strikes at carefully chosen moments to maximise his chances of success and minimise the risk of intervention.

Cybercriminals do the same. It’s no coincidence that there’s a spike in reported cyberattacks during public holidays, when most organisations are shut down or operating with skeleton staff (Halloween pun not intended).

A rapid response to an active cyberattack dramatically reduces its impact. In a cyber crisis, every minute counts. But when your staff – including IT and security teams – are offline, those response times are significantly extended.

Lesson #5: Act now. The biggest holiday season of the year is just weeks away, but it’s not too late to stop an attack with pre-emptive, recovery-driven threat detection.

Join the next Predatar Webcast – and avoid a digital bloodbath

Join the next Predatar webcast to:

• Hear about a real world use-case where hacker’s surveillance tools were uncovered inside a customer’s storage environment thanks to pre-emptive data validation.
• Discover how automated recovery testing and malware interrogation in a CleanRoom can stop cyberattacks, before damage is done.
• Learn how you can deploy your own Recovery Assurance CleanRoom quickly and easily.

---

Learn More and Register Now

Why STORServer and Predatar Are Building the Future of Resilience Together.

All too often, companies stick to what’s easy. They take the path of least resistance. But the history of STORServer is different. For more than 30 years, the company has built its reputation on saying “yes” to the hard problems – tackling the complex, stubborn challenges that other vendors would rather avoid. Why? To make life simpler for their customers.

That ethos has shaped STORServer into what it is today: a trusted partner to organizations that depend on backup and recovery not just as a compliance checkbox, but as the lifeline of their business. And it’s why the company’s partnership with Predatar feels less like a transaction and more like a shared mission.

Built on a Big Idea: Simplifying Backup

When STORServer was founded in Colorado in the mid-1990s, backup was overwhelming for most IT teams in a small and mid-sized business. Dropping in massive, complex systems was a recipe for frustration.

STORServer’s solution was radical in its simplicity: deliver pre-configured appliances that worked out of the box, with built-in tools and responsive support. Customers could finally stop wrestling with backup and start trusting it.

That commitment to simplicity, backed by deep technical expertise, became STORServer’s DNA. It’s a mindset that Predatar shares, as both companies look to simplify one of today’s hardest challenges in IT: building cyber resilience.

Legacy Matters. But So Does Innovation

One of the most powerful examples of STORServer’s “yes” mindset is its ongoing support for legacy systems like VMS. While many backup vendors have walked away from supporting those environments, STORServer still invests in building and maintaining tools to protect them.

As Scott Jangro, STORServer’s Head of Operations, put it:

“Supporting those legacy systems is important for us. We’re still actively developing VMS backup clients so customers can work those systems into their overall strategy.”

At the same time, STORServer isn’t standing still. With Predatar, the company is now applying its proven appliance model to cyber resilience, creating clean room recovery appliances that make one of today’s most complex challenges—bouncing back after a cyberattack—far more manageable.

A Meeting of Minds: Fresh Perspectives and Deep Roots

STORServer’s story is not just about technology, but about people. After decades of leadership that began with six founders – three of whom continue to guide the company today – Jangro has stepped in to help to take the business into its next era. His background – spanning SaaS, startups, and product marketing – brings a fresh perspective that complements the deep experience of the long-standing team.

He sees his role as asking the hard questions, just as Predatar’s leaders once did when they challenged traditional views of backup.

“There’s only upside in bringing in a fresh pair of eyes,” Jangro said. “Asking questions, identifying things that maybe haven’t been thought of—that’s how we move forward.”

It’s this balance of deep heritage and fresh energy that makes the Predatar and STORServer partnership so powerful.

Saying Yes Together

At its heart, the partnership between Predatar and STORServer is about giving customers confidence in a world that’s only getting more complex. STORServer’s legacy is built on decades of saying yes to tough backup problems. Predatar exists to tackle the hard new problem of cyber resilience.

Together, they’re offering businesses something unique. STORServer’s new Cleanroom Appliance ships with Predatar’s unique Recovery Assurance capabilities baked-in.

If you’re looking to remove the complexity of cyber resilient backup and recovery in your organisation, ask the team at STORServer if they can help.

I think we all know the answer is yes!

---

Learn more:
Discover STORServer’s cyber-resilient backup appliances, powered by Predatar here or contact the STORServer team today!

Predatar is all about recovery readiness. Our unique Recovery Assurance Software and CleanRoom technology has been designed to validate the recoverability and cleanliness of your data before a crisis hits. But Predatar has an extra superpower. And it’s huge!

This week, Predatar uncovered a live and potentially very serious cyberattack in the early stages – inside a customer’s IT environment. By raising the alarm, the infrastructure and cyber security teams in the target organisation were able to take action – and stop the attack in its tracks.

The Target Organisation

The target of the cyberattack is a local government organisation in Austria. Predatar Recovery Assurance software and a Predatar CleanRoom were deployed around a year ago to continually validate immutable snapshots of their most important business systems – which are running on IBM FlashSystems. If these systems went offline, services that citizens rely on would be seriously disrupted, including public transport, law enforcement, emergency response and more.

What Happened?

During a routine scheduled scan, Predatar uncovered malware inside a snapshot that had not previously been detected anywhere else in the customer’s IT environment.

As usual, Predatar began to clean the malware from the snapshot and immediately raised an alert with both the infrastructure and cyber security teams with the customer organisation.

Further investigation quickly revealed that the malware posed a real and very imminent threat.

The Attack

Thanks to the built in Trend Micro cyber security tools, Predatar had found hacking tools on a virtual machine within a snapshot. The VM didn’t contain business-critical data and was considered by the customer to be a low-priority workload. As a result, it didn’t have the same security protocols as other more critical workloads, and patching best-practices hadn’t been maintained.

The malware that was uncovered included ‘tunnelling’ tools designed to help hackers achieve lateral movement within an IT environment. It quickly became evident to the team investigating the threat that hackers were actively using this unassuming Linux server as a ‘jump box’ to access more critical systems.

Thanks to Predatar, the customer was able to take the compromised system offline, execute forensic analysis of their networks to understand if the hackers had managed to gain access to other systems, and contain the threat.

Boom Avoided

The moment that attackers ‘activate’ a cyberattack is often referred to as ‘The Boom.’ That’s when data becomes encrypted, users are locked out, and systems go offline. But cyberattacks don’t happen instantly. Typically, attackers have access to IT systems for at least 14 days before they activate the attack. During this ‘Pre-Boom’ phase attackers deploy specialised tools to gain access to as many systems as possible, to elevate their privileges, and to lay the groundwork for maximum damage.

By identifying an attack in the ‘Pre-Boom’ phase, Predatar was able to avoid a ‘Boom’ event altogether.

The Predatar Superpower

First and foremost, Predatar is designed to give its users total confidence in their ability to execute a fast, clean and complete recovery. While threat detection is not the primary purpose of Predatar, it’s a extremely valuable superpower! 

Is a ‘Boom’ comming in your organisation?

Join our next webcast, ‘Stop the Boom… Before it Happens‘ to learn more about the timeline of cyberattacks, and how you can stop them before the critical ‘Boom’ moment.

Sign up now