Using Kasten K10 for Ransomware Attack Prevention

Ransomware attacks are on the rise – in 2021, the number of ransomware attacks rose by 92.7% compared to 2020 levels, with 2,690 attacks reported. In this short article, we’ll show you how Kasten K10 by Veeam can be leveraged to detect a common ransomware pattern in order to prevent data loss or corruption. 

 Follow along and get a visual by watching this demo video. 

In the upper right of the screenshot is the Kasten K10 UI. Underneath is the terminal and on the left is the Falco dashboard. Falco is a helpful sidekick utility that’s used to display a real-time livestream of events that we want to detect: 

Say a bad actor phished an admin and now has unrestricted access to Kasten K10. The attacker will first look to see what applications they have access to. You can see that they now have access to application namespaces: 

In this scenario, the nginx server provides a frontend GUI, and the attacker wants to disrupt it because it serves revenue-generating activity. With unrestricted access, the attacker may look to see what restore points are available: 

Once the attacker starts to discover data, the events pop up in near real time:   

This detection policy has been written to be aggressive in detecting when an attacker could be performing discovery to determine the level of protection for the application:   

The next step an attacker would want to take is to destroy the backups in preparation for a ransomware attack. They could attempt this action either via the Kasten K10 web interface or, as shown below, using the Kubernetes API: 

In the Falco UI, we can see that these events have been detected: 

In order to prevent this deletion, backup exports should be stored on immutable storage. Immutability is supported by Kasten K10 in both S3 and Veeam Hardened Repository locations. If immutability were enabled in this scenario, the failed attempts to delete K10 RestorePoints would be a strong early indicator of compromise. 
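The discovery and deletion events described above can also be picked out of the Kubernetes API server audit log. The following is an added example, not the Falco policy from the demo and not Kasten code; it assumes audit logging is enabled with JSON-lines output and that K10 restore points are served as `restorepoints` and `restorepointcontents` under the `apps.kio.kasten.io` API group. The user, namespace and object names are constructed.

```python
import json

# Assumptions (not from the article): K10 restore points are exposed under
# this API group and these resource names; all sample data is constructed.
K10_GROUP = "apps.kio.kasten.io"
K10_RESOURCES = {"restorepoints", "restorepointcontents"}
DISCOVERY_VERBS = {"get", "list", "watch"}
DELETE_VERBS = {"delete", "deletecollection"}

def classify(event):
    """Label one Kubernetes audit event, or return None if it is not of interest."""
    # Only finished requests carry a response code; skipping the other
    # stages also avoids counting the same request twice.
    if event.get("stage") != "ResponseComplete":
        return None
    ref = event.get("objectRef") or {}
    if ref.get("apiGroup") != K10_GROUP or ref.get("resource") not in K10_RESOURCES:
        return None
    code = (event.get("responseStatus") or {}).get("code", 0)
    if event.get("verb") in DELETE_VERBS:
        # A rejected delete is the early indicator the article points to.
        return "deletion_failed" if code >= 400 else "deletion"
    return "discovery" if event.get("verb") in DISCOVERY_VERBS else None

def scan(lines):
    """Parse JSON-lines audit output and return one alert dict per match."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines
        label = classify(event) if isinstance(event, dict) else None
        if label:
            ref = event["objectRef"]
            alerts.append({"label": label, "name": ref.get("name", ""),
                           "namespace": ref.get("namespace", ""),
                           "user": (event.get("user") or {}).get("username", "unknown")})
    return alerts

def _ev(verb, resource, code, group=K10_GROUP, stage="ResponseComplete", name=""):
    """Build one constructed audit event as a JSON line."""
    return json.dumps({"stage": stage, "verb": verb, "user": {"username": "admin@example.test"},
                       "objectRef": {"apiGroup": group, "resource": resource,
                                     "namespace": "nginx", "name": name},
                       "responseStatus": {"code": code}})

SAMPLE = [_ev("list", "restorepoints", 200), _ev("list", "pods", 200, group=""),
          _ev("delete", "restorepoints", 0, stage="RequestReceived", name="rp-1"),
          _ev("delete", "restorepoints", 200, name="rp-1"), "not-json{",
          _ev("delete", "restorepoints", 403, name="rp-2")]
```

Calling `scan(SAMPLE)` returns three alerts, in order: the listing of restore points, the successful delete of `rp-1`, and the rejected delete of `rp-2`.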

We hope you’ve enjoyed this quick look at how Kasten K10 helps to detect and analyze ransomware attacks in real time. Learn more about using Kasten K10 for ransomware protection, or start your free trial today. 
