Thinking about ransomware

Welcome back, and welcome to 2022! To kick off the new year, we thought we could share some news, blog posts, and projects related to protecting your cluster from ransomware.

Issue #150

This is an interesting (and not Kubernetes-specific) writeup from Google on recent trends in ransomware attacks. While it looks like the volume of attacks has slowed since early 2020, security is about maintaining vigilance and a proactive posture. Keep reading this issue, and keep doing your own research, to make sure your environments are doing as much as they can to defend against ransomware. 🔐

While this post from Microsoft does turn into a focus on their own tools, there is a great runbook defined in this writeup. When you suspect that someone is in your systems, you don’t want to be figuring out how to respond; you should be able to focus on following a written, well-designed procedure. Defining and creating these procedures while you are not under attack gives you the space to build a good playbook, so get to work! 📋

There’s some (hopefully obvious) advice in this post. At the core of your defensive posture should be good backups and the policies around them. Of course, the only way to know you have good backups is to test restoring them before there is a problem! We also agree that investing in current cloud native tooling is a good idea. If ransomware is keeping you up at night, check that you have these basics covered.

If you missed it, Siloscape hit the news in mid-2021 as malware targeting Windows containers in order to compromise the Kubernetes clusters running them. This end-of-year writeup focuses on configuration (or misconfiguration) of Kubernetes clusters as an attack vector. I think this quote sums up the article: “Still, the importance of proper configuration of each Kubernetes cluster cannot be overstated.” 🌚

Adopting Kubernetes and cloud native infrastructure can be a great building block for staying secure, but it’s not enough unless you keep focusing on security. Consider the attacks described here, such as “...finding a Kubernetes cluster with an unauthenticated endpoint or an unpatched vulnerability on a Docker server accessible with an Internet connection represents a particularly attractive target.” 🎯
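The “unauthenticated endpoint” in that quote is something you can check for yourself. Below is an added example (our own, not code from the linked post or from any Kubernetes project) that probes the API server and kubelet ports of a host you are authorised to test and classifies what an anonymous request gets back. The port and path list, the `classify` rules, and the constructed sample responses used for offline demonstration are all assumptions of this example; a 401 means anonymous auth is off, a 403 naming `system:anonymous` means anonymous auth is on but RBAC denied the request, and a 200 carrying a Kubernetes `*List` document means anyone on the network can read that data.

```python
"""Probe Kubernetes control-plane endpoints for anonymous access.

Added example, not part of the newsletter or the posts it links. Only
run it against hosts you own or are authorised to test.
"""
import json
import ssl
import urllib.error
import urllib.request

# Endpoints that should never hand data to an anonymous caller.
# (assumed list for this example; adjust ports to your cluster)
PROBES = {
    "apiserver": ("https", 6443, "/api/v1/namespaces"),
    "kubelet": ("https", 10250, "/pods"),
    "kubelet-readonly": ("http", 10255, "/pods"),  # legacy read-only port
}


def classify(status, body):
    """Turn an HTTP status and body into a finding label."""
    if status == 401:
        return "auth-enforced"          # anonymous auth disabled
    if status == 403:
        if "system:anonymous" in body:
            return "anonymous-denied"   # anonymous auth on, RBAC said no
        return "auth-enforced"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "open-unknown"       # something answered, not an API list
        if isinstance(doc, dict) and str(doc.get("kind", "")).endswith("List"):
            return "open-anonymous"     # anonymous read of cluster data works
        return "open-unknown"
    return "other"


def fetch(host, scheme, port, path, timeout=5):
    """Issue one anonymous GET; returns (status, body). Raises OSError on no connection."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # cluster CAs are usually private
    url = f"{scheme}://{host}:{port}{path}"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe_host(host, fetcher=fetch):
    """Run every probe against host; returns {probe_name: finding}."""
    findings = {}
    for name, (scheme, port, path) in PROBES.items():
        try:
            status, body = fetcher(host, scheme, port, path)
        except OSError:
            findings[name] = "unreachable"
            continue
        findings[name] = classify(status, body)
    return findings


# Constructed sample responses so the example runs offline.
SAMPLE_RESPONSES = {
    (6443, "/api/v1/namespaces"): (
        403,
        '{"kind":"Status","status":"Failure","message":"namespaces is forbidden: '
        'User \\"system:anonymous\\" cannot list resource \\"namespaces\\"","code":403}',
    ),
    (10250, "/pods"): (200, '{"kind":"PodList","apiVersion":"v1","items":[]}'),
}


def sample_fetch(host, scheme, port, path):
    """Fake fetcher returning the constructed responses above."""
    try:
        return SAMPLE_RESPONSES[(port, path)]
    except KeyError:
        raise OSError("connection refused")


if __name__ == "__main__":
    for probe, finding in probe_host("cluster.example.test", sample_fetch).items():
        print(f"{probe:17s} {finding}")
```

Against the constructed sample the API server reports `anonymous-denied`, the kubelet reports `open-anonymous` (the finding you do not want to see on an Internet-facing node), and the legacy read-only port is `unreachable`. Swap `sample_fetch` for the real `fetch` to test a host.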

The title here is a little clickbaity. We hope nobody thinks that Kubernetes by itself protects anyone (including enterprises) from ransomware. But it’s a good starting point and platform to build on. This post is focused on data management, which is a good place to start when thinking about ransomware.

We love digging in and reading the annual report from the CNCF. There’s some impressive growth and it’s great to see the numbers. 📈