Veeam Backup and Replication is a secondary target in INC Ransomware campaigns: after gaining initial access via Citrix, Fortinet, or SimpleHelp exploitation, INC operators deploy a custom credential dumper specifically targeting Veeam’s backup authentication stores. No new CVE affects Veeam directly this week, but Veeam’s role as a ransomware-specific target makes backup infrastructure protection a critical defensive action for any organization running Veeam.