Backmydata ransomware


Backmydata ransomware targets Remote Desktop Protocol (RDP) vulnerabilities, including weak credentials. Upon gaining a foothold, Backmydata establishes persistence, disables firewalls, encrypts, and exfiltrates data. It also deletes backups to prevent victims from restoring their systems without paying the ransom. It was linked to the Romanian hospitals attack in Feb 2024.

Incidents Caused by this Malware

Threat Actors Known to use this Malware

No threat actors identified