Month: November 2025

Ransomware files were found hiding just out of sight in the backups of a European insurance company. They had been there, undetected, for almost 2 years.

On a quiet Friday afternoon in November, a small team from a major European insurance company were reviewing the results of a routine recovery test. They had recently introduced Predatar as part of a broader effort to strengthen their cyber resilience. Until then, they had relied heavily on their annual disaster recovery exercise as evidence that their environment could be recovered if needed. It was a long-established practice, familiar and predictable, but it had not kept pace with the reality of modern cyber threats.

Traditional disaster recovery procedures are built for outages and physical disruption. They focus on restoring services by failing over from one site to another. This approach works when the threat is external to the data. It does not work for ransomware. By the time an organisation triggers a failover from Site A to Site B, the ransomware has usually already replicated itself across both. Cyberattacks require a completely different mindset. Recovery must prove that the data itself is clean, safe and fit to return to production.

This was the reason the company had failed its recent cyber resilience audit. They had no reliable way to perform regular recovery testing. The engineering effort required to stand up clean environments, restore data, analyse behaviour and run malware scans was far beyond what their teams could sustain manually. In practical terms, they had no means of validating the integrity of their backups.

When they evaluated their options, Predatar stood out. It worked across all major backup and storage technologies, including the Veeam and IBM FlashSystem platforms already in place. It provided automated cleanroom validation at a scale that would have been unrealistic to achieve manually. Most importantly, it allowed the company to begin performing daily recovery tests, something that had previously been impossible.

They began with a small but critical subset of their systems, referred to internally as their Minimum Viable Company. These were the essential servers they would need to restore first in the event of a cyberattack in order to re-establish a basic, functioning version of the business. The early results were consistent, reliable and easy to interpret. They quickly took the decision to expand the testing to all backups and all servers.

Only a week after the full rollout, an automated recovery test inside the isolated CleanRoom surfaced something unexpected. Within a restored workload, Predatar identified encrypted files and a ransomware note. The files were not new, but they were remnants of a previous incident.

The company investigated and confirmed that they had suffered a ransomware attack two years earlier. A specialist incident response provider had managed the remediation at the time. However, this particular server had not been included in the cleanup. As a result, the encrypted files and the ransom note had remained unnoticed in production for almost two years.

The location of the server was also significant. It hosted the organisation’s SIEM and wider SecOps platform. Despite being a central point for security monitoring, neither the platform nor the additional security tools running on it had detected the remnants of the old attack.

The finding prompted a broader realisation. If this evidence of ransomware had remained hidden on a highly visible system, similar issues could easily exist elsewhere without detection. The value of continuous recovery testing became immediately clear. It provided visibility not only into whether data could be restored, but whether that data was genuinely safe.

Predatar’s ongoing analysis has shown that hidden malware is present in the backup data of the vast majority of organisations, with discoveries in more than ninety per cent of customer environments worldwide. This does not reflect a failure of security teams. It reflects the sophistication of attackers, the complexity of modern infrastructure and the limitations of relying on a single set of tools to identify every threat.

For the insurance company, continuous recovery testing is now a fundamental part of their cyber strategy. They have moved from annual exercises to daily assurance. They can verify the integrity of their backups with confidence. And they have a far clearer understanding of what it takes to recover safely in a world where cyberattacks often unfold long before they are detected.

Hunt down and eliminate recovery threats in your backups and snapshots.

To discover how you can start pre-emptive recovery testing in an easy to deploy Recovery Assurance CleanRoom, watch this short explainer video or contact the Predatar team.

Author: Alistair Mackenzie.

Within a year of the Berlin Wall coming down, two former East German soldiers set about building a new business. Fuelled by the optimism of the era and a passion for technology, ADICOM^© was born. 35 years later, it’s one of the most innovative storage and backup businesses in Germany, leading the way with ground-breaking recovery assurance services.

This week I took some time out to reconnect with two people that continue to drive the ADICOM_^© business forward every day. Chris Hogrefe [IT System Specialist] and Ralf Brummack [Chief Marketing Officer] told me the story behind ADICOM_^© and explained how they have embraced the bold optimism of the founders.

The Story Begins

Frank Lasinski and Peter Schulz met during their time in the military. They shared an interest in technology and studied computer science during this time. By the time Germany was reunified in 1990, the pair had become firm friends. Within a year of the Berlin Wall coming down, they had left the army to set up their own technology business in the south of Berlin.

In the early years, ADICOM_^© was a technology broker, specialising in reconditioning and selling the big IBM enterprise systems of the day – like Mainframe and AS/400.

More skills. More recognition. More customers

As the team grew, so did its expertise. The company’s ambitions grew too. By 1995, ADICOM_^© was recognised as a leading expert in IBM technology and became an authorised IBM Business Partner in Germany, authorized for AS/400, IBM Storage, IBM INTEL based servers and IBM Printing systems.

The team began reselling new IBM systems to medium and large enterprises in Berlin and beyond, expanding their capabilities to incorporate IBM AIX and Power systems.

Ralf Brummack explained: “Frank and Peter have always been quick to recognise new opportunities and move fast. They encourage us to do the same. We’re proud to be early adopters of innovative technologies that we know will make a difference to our customers.” 

When IBM moved into the backup software space with the acquisition of Tivoli, including TSM (Tivoli Storage Manager), ADICOM_^© was right there.

As well as reselling TSM (later renamed as IBM Storage Protect) ADICOM_^© launched managed backup and recovery services with TSM under the hood. Led by Chris Hogrefe, ADICOM_^©’s backup service offerings have proven to be popular with existing ADICOM_^© customers and have helped the business attract new clients too.

Evolution with Predatar

Backup sales and services were a great driver for growth at ADICOM_^© for more than a decade, but times have changed. “You can no longer grow a business selling backup products and services” Chris explains. “Today everyone has a backup solution in place, and for big businesses, moving to a different one is really hard and, in most cases, too expensive.”

Always looking for the next evolution, Chris was actively searching for ways to move ADICOM_^©’s backup services forward – to add more value for customers, and more differentiation in the marketplace. When he discovered Predatar at IBM Storage Expert event in Augsburg (Germany) in 2022 he knew it would be the beginning of something exciting.

Following an intensive hands-on technical bootcamp with the Predatar Team in UK, Chris and his team wasted no time in building the ADICOM_^© Data Resiliency Service (ADRS).

Data Resiliency with ADICOM^©

ADRS, powered by Predatar is available to businesses that use IBM Storage Protect or IBM Defender Data Protect backup software. Additionally, ADICOM_^© can also deliver this unique service for Veeam users too.

With ADRS, ADICOM_^© will take care of the day-to-day maintenance of your backup environment, ensure that all of your backup runs are successful, and fix any problems. But the real differentiation comes in ADICOM_^©’s ability to run continual recovery tests and malware interrogation. This capability is achieved with the Predatar Recovery Assurance platform and gives ADICOM_^© customers complete confidence in their ability to recover quickly, cleanly and completely in the event of a cyber incident.

What’s next for ADICOM^© ?

35 years on, the original founders of ADICOM_^©, Frank Lasinski and Peter Schulz remain active in their leadership of the business, and it’s clear from my conversations with Ralf and Chris that their bold approach to innovation, their passion for technology and their optimism for the future has become infused into culture at ADICOM_^©.

When I asked, “what’s next for ADICOM_^©?” the answer was simple. Chris explained “We’ll keep on innovating with a very clear focus. We want to be the best at what we do. We want to offer the very best storage and recovery solutions to tackle the challenges facing businesses in Germany today.”  

Boost your data resiliency with ADICOM^© 

If boosting resiliency in your business is a priority, you can find out more about ADICOM_^© at www.adicom.group or email the team at consulting@adicom-group.de 

Find an APEX partner near you.

The Predatar APEX program is a global network of service providers with elite data resiliency capabilities. Find an APEX partner in your region here.