New initiative delivers real-world ransomware research and recovery guidance to strengthen enterprise cyber preparedness
Druva, a leading provider of data security, today announced the formation of Druva ReconX Labs, a dedicated security research unit focused on advancing cyber resilience by strengthening ransomware preparedness and post-breach recovery. Built on anonymized telemetry from Druva’s SaaS ecosystem and insights from years of ransomware recovery engagements, ReconX Labs delivers practical, high-fidelity intelligence that strengthens ransomware defense and supports rapid, clean recovery.
Ransomware threats are becoming more aggressive — targeting backups, evading detection, and delaying recovery. Traditional security tools, often disconnected from recovery operations, focus on protecting the perimeter rather than accelerating recovery. As a result, IT and security teams may miss early warning signs and struggle to isolate clean data for recovery. ReconX Labs aims to address these gaps by continuously analyzing attacker behavior, delivering actionable research and integrating intelligence into the Druva platform to automate detection, accelerate clean recovery, and improve operational readiness.
“Druva ReconX Labs was born from our deep experience helping customers respond to ransomware attacks,” said Shankar Subramaniam, VP & GM of security products at Druva. “This isn’t theory, it’s what we’ve seen work in real incidents. ReconX is designed to fill a critical gap by delivering intelligence that can improve post-breach processes, such as identifying the blast radius and knowing what’s clean and when to restore. That intel is designed to not only strengthen Druva’s platform capabilities, but also support the community with practical, post-breach guidance to support recovery outcomes.”
A Practical Approach to Threat Intelligence and Recovery
Druva ReconX Labs operates globally with a team of experienced security researchers focused on:
- Investigating ransomware campaigns and analyzing evolving attacker behavior.
- Developing adversary profiles and attack signatures for proactive detection.
- Generating risk insights and actionable indicators of compromise (IOCs).
- Validating clean recovery workflows through retrospective analysis.
All research is rooted in deep expertise in post-infection response and is conducted in encrypted, isolated environments within the Druva Data Security Cloud. ReconX Labs publishes key findings to equip the broader security and IT community with post-breach intelligence and recovery guidance. For customers, this intelligence is also integrated into the platform to enhance threat detection, improve recovery capabilities, and strengthen operational resilience.
Supporting Community-Driven Resilience
Alongside ReconX Labs, Druva is introducing the Ransomware Recovery Hub, a community-driven knowledge base designed to support post-breach cyber response and recovery. The Ransomware Hub will allow experts and practitioners to share best practices and up-to-date information from a regulatory and compliance perspective. The hub includes:
- Recovery playbooks based on real-world incidents.
- Readiness checklists and forensic investigation templates.
- Continuously updated guidance based on evolving threat tactics and backup telemetry.
Together, ReconX Labs and the Ransomware Recovery Hub were created to provide IT, security, and backup teams with practical threat intelligence and structured recovery frameworks — enabling faster incident containment and reliable restoration from verified clean backups.
Advancing Resilience Through Product Innovation
Druva is also launching new product capabilities that bring ReconX Labs intelligence into everyday operations. These capabilities are designed to help organizations reduce cost, complexity, and response time in the face of escalating ransomware risk:
- Data Anomaly Detection, now Agentless: Druva’s anomaly detection for virtual workloads is now fully agentless — offering zero-touch, cloud-based protection without the need for agents, credentials or complex setup.
- Managed Data Detection and Response (MDDR) with Safe Mode: AI-powered, 24x7 threat monitoring combined with instant, self-service containment to shorten incident response and safeguard critical backup data against threat actor activities like deletions, policy changes, or unauthorized access.
- Cyber Resilience Scorecard: A new onboarding experience provides a guided workflow to certify that cyber resilience features are correctly configured. From day one, users receive a real-time readiness score, empowering them to continuously monitor and maintain their cyber resiliency posture.
- Recovery Intelligence: Makes every recovery a cyber recovery. Allows users to visually identify ideal restore points based on anomalous data activity, presence of IOCs, and observance of encryption activity.
These capabilities are available now, delivered natively through Druva’s cloud platform. With built-in protection that’s always on and always up-to-date, organizations gain faster recovery, clearer threat visibility, and stronger cyber resilience — without added complexity.
Additional Resources
- To learn more about Druva’s security research unit, visit the ReconX Labs website.
- Explore Druva research on cyber resilience gaps, and the steps your organization can take to stay ahead of emerging threats.
- Explore, contribute to, or apply insights from the Ransomware Recovery Hub.
- To learn more about MDDR with Safe Mode, Data Anomaly Detection, Cyber Resilience Scorecard and Recovery Intelligence, please visit the website.
About Druva
Druva is the leading provider of data security solutions, empowering customers to secure and recover their data from all threats. The Druva Data Security Cloud is a fully managed SaaS solution offering air-gapped and immutable data protection across cloud, on-premises, and edge environments. By centralizing data protection, Druva enhances traditional security measures and enables faster incident response, effective cyber remediation, and robust data governance. Trusted by nearly 7,500 customers, including 75 of the Fortune 500, Druva safeguards business data in an increasingly interconnected world. Visit druva.com and follow us on LinkedIn, X (formerly Twitter), and Facebook.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250909959584/en/
Contacts
Media Contact:
Alex Cardenas
alex.cardenas@druva.com