Ransomware Detection for your Cloud-Native Workloads

It is well-known that traditional applications are widely susceptible to ransomware attacks, and Kubernetes environments are no different. In 2020 alone, there were 304 million ransomware attacks worldwide — a 62% increase from 2019 with the average amount of ransom demanded over a whopping 178,000$

So how can Kubernetes applications become vulnerable?

In the last few years, Kubernetes has been adopted by a majority of companies as their default container orchestration tool. Most enterprises are now comfortable with running applications and services in the cloud. However, Kubernetes applications are still at risk of becoming vulnerable to attacks.

This vulnerability in applications can be due to any of theses following reasons:

• Open-source or depreciated libraries being used in developing Kubernetes applications.
• Misconfigured access permissions which can be exploited, either accidentally or maliciously, and criminals may seize control of your entire cluster or application.
• As Kubernetes is updated quarterly, not staying on top of these quarterly updates and patches may result in applications containing vulnerabilities.

On top of all this, there are not many solutions readily available providing timely alerts of such attacks on your Kubernetes environment.

Introducing Ransomware Detection by Wanclouds

Powered by Wanclouds SaaS-based automation suite VPC+, Wanclouds’ DRaaS makes backups immutable as well as monitors Kubernetes deployments for attempted ransomware attacks thus improving the recovery point objective in the face of escalating threats. Wanclouds utilizes this approach to proactively detect the systems for any integrity violations, leading to improved response time, reduction of data loss, isolation of infected infrastructure, and the ability to restore the latest backup rapidly. This is a vast improvement upon legacy backup and disaster recovery approaches. Businesses often only become aware of a breach when the attacker encrypts their network, and the company is forced to restore and recover from a much older backup.

VPC+ DRaaS helps protect your environments from attacks by giving you the ability to create backups, and provide you timely alerts on potential ransomware attacks thus increasing your response time and reducing your time to recovery.

Below are some highlights of the offering:

• Create scheduled backups with your desired policies.
• The backups themselves are created and stored as immutable objects in your cloud environment.
• Restore from any of the backups in case of any disaster or data loss.
The detection feature provides you a timely warning in case the system or our data comes under ransomware attack.
• Real Time Monitoring of the cluster for any ransomware activity.
• Turn on or off the ransomware policies on-demand.
• Receive timely alerts via email or slack of the infected system in case of a potential attack.

This early detection prevents the backups from being overwritten due to the user's backup rotation policy thus allowing the user to isolate the affected system and quickly restore from recent backup avoiding further data loss.