Using Kasten K10 for Ransomware Attack Prevention

Ransomware attacks are on the rise – in 2021, the number of ransomware attacks rose by 92.7% compared to 2020 levels, with 2,690 attacks reported. In this short article, we’ll show you how Kasten K10 by Veeam can be leveraged to detect a common ransomware pattern in order to prevent data loss or corruption. 

 Follow along and get a visual by watching this demo video. 

In the upper right of the screenshot is the Kasten K10 UI. Underneath is the terminal and on the left is the Falco dashboard. Falco is a helpful sidekick utility that’s used to display a real-time livestream of events that we want to detect: 

Say a bad actor phished an admin and now has unrestricted access to Kasten K10. The attacker will first look to see what applications they have access to. You can see that they now have access to application namespaces: 

In this scenario, the nginx server provides a frontend GUI, and the attacker wants to disrupt it because it serves revenue-generating activity. With unrestricted access, the attacker may look to see what restore points are available: 

Once the attacker starts to discover data, the events pop up in near real time:   

This detection policy has been written to be aggressive in detecting when an attacker could be performing discovery to determine the level of protection for the application:   

The next step an attacker would want to take is to destroy the backups in preparation for a ransomware attack. They could attempt this action either via the Kasten K10 web interface or, as shown below, using the Kubernetes API: 

In the Falco UI, we can see that these events have been detected: 

In order to prevent this deletion, backup exports should be stored on immutable storage. Immutability is supported by Kasten K10 in both S3 and Veeam Hardened Repository locations. If immutability were enabled in this scenario, the failed attempts to delete K10 RestorePoints would be a strong early indicator of compromise. 

We hope you’ve enjoyed this quick look at how Kasten K10 helps to detect and analyze ransomware attacks in real time. Learn more about using Kasten K10 for ransomware protection, or start your free trial today. 

 

#1 Kubernetes Data Protection and Mobility
Free
#1 Kubernetes Data Protection and Mobility
Tags
Similar Blog Posts
Business | December 3, 2024
Business | November 18, 2024
Business | November 13, 2024
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.
OK