dormant ransomware?

[M4rco]

We are investigating ransomware attack vectors in relation to our Veeam backup setup.

I have one specific scenario for which I am unsure if it really exists.

Are there known examples of ransomware in the wild which stays dormant and do not make themselves known but do actually encrypt all data in a transparent way (compare bitlocker encryption) so the enduser can still use its data? Such a type of ransomware only has to wait for the used backup retention period to make all available backups unusable (as all backups contain encrypted data).

Is this a real threat scenario we need to consider?

[LickABrick]

Not sure if this type of ransomware exists. But VeeamOne should be able to detect this. If the VM is encrypted the data blocks change.
The next backup of the server would be a backup with a lot of changed data. If correctly configured VeeamOne can notify you about this sudden change in backup data.

[M4rco]

Thank you for responding. I am aware of monitoring data change rate as a method of potentially detecting ransomware activity.

Maybe somebody from Veeam can share their experience if this type of dormant ransomware threat actually exists? Maybe I am just chasing ghosts in this...

[M4rco]

Is there anybody else who can share their views on this dormant ransomware threat scenario? Or should I open a support case for this type of question?