Updated on 2024-05-14 GMT+08:00

Enabling Ransomware Prevention and Backup

After a ransomware attack, you need to identify and isolate the ransomware and back up and restore service data in a timely manner. HSS uses ransomware detection engines and dynamic honeypots to prevent ransomware from intruding into your system, encrypting data, or spreading to other devices. HSS can detect and remove ransomware in seconds, back up and recover service data in minutes, and provide industry-leading ransomware prevention and control capabilities.

You can enable ransomware prevention and backup to defend against ransomware attacks and reduce the risk of service loss.

Step 1: Enabling Ransomware Prevention

If the version of the agent installed on the Linux server is 3.2.8 or later or the version of the agent installed on the Windows server is 4.0.16 or later, ransomware prevention is automatically enabled with the HSS premium, WTP, or container edition. If the agent version does not support the automatic enabling of ransomware prevention, you can manually enable it.

  1. Log in to the management console.
  2. Choose Prevention > Ransomware Prevention.
  3. Click the Protected Servers tab.
  4. In the Ransomware Prevention Status column of a server, click Enable.

    You can also select multiple servers and click Enable Ransomware Prevention above the server list.

  5. In the Enable Ransomware Prevention dialog box, confirm the server information and select a protection policy.
  6. Click OK.

    If the Ransomware Prevention Status of the server changes to Enabled, ransomware protection is enabled successfully.

Step 2: Configuring a Ransomware Prevention Policy

Configure honeypot file directories, excluded directories, and protected file types based on service requirements.

  1. Log in to the management console.
  2. Choose Prevention > Ransomware Prevention.
  3. Click the Protected Servers tab.
  4. In the row of the target server, click the policy name in the Policy column. The Edit Policy page is displayed.
  5. Configure the policy information by referring to Table 1.

    Table 1 Protection policy parameters

    | Parameter | Description | Example Value |
    | --- | --- | --- |
    | OS | Server OS. | Linux |
    | Policy | Policy name. | test |
    | Action | How an event is handled. Options: Report alarm and isolate; Report alarm. | Report alarm and isolate |
    | Dynamic Honeypot Protection | After honeypot protection is enabled, the system deploys honeypot files in protected directories and other random positions (unless otherwise specified by users). Bait files consume a small amount of server resources, so add any directories where you do not want bait files deployed to the excluded directories. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files. | Enabled |
    | Bait File Directories | Directory that needs to be protected by static bait (excluding subdirectories). You are advised to configure important service directories or data directories. Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers. | Linux: /etc; Windows: C:\Test |
    | Excluded Directory (Optional) | Directory that does not need to be protected by bait files. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories. | Linux: /etc/lesuo; Windows: C:\Test\ProData |
    | Protected File Type | Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only. | Select all |
    | (Optional) Process Whitelist | Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers. | - |

  6. Confirm the policy information and click OK.
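The Table 1 constraints can be checked locally before a policy is entered in the console, which helps when the same policy is prepared for many servers. The following is an added example, not HSS code, and it calls no HSS API; the dictionary field names, the absolute-path requirement, and the bait/excluded overlap check are assumptions made for illustration.

```python
import ntpath
import posixpath

MAX_DIRS = 20  # Table 1 limit for bait and for excluded directories
ACTIONS = ("Report alarm and isolate", "Report alarm")


def split_dirs(value):
    """Split a semicolon-separated directory list, ignoring empty items."""
    return [d.strip() for d in (value or "").split(";") if d.strip()]


def validate_policy(policy):
    """Return a list of problems; an empty list means the draft fits Table 1."""
    os_name = policy.get("os")
    if os_name not in ("Linux", "Windows"):
        return ["os must be Linux or Windows"]
    pathmod = posixpath if os_name == "Linux" else ntpath
    problems = []
    if policy.get("action") not in ACTIONS:
        problems.append("action must be one of: " + "; ".join(ACTIONS))

    bait = split_dirs(policy.get("bait_dirs"))
    excluded = split_dirs(policy.get("excluded_dirs"))
    for label, dirs in (("bait_dirs", bait), ("excluded_dirs", excluded)):
        if len(dirs) > MAX_DIRS:
            problems.append(f"{label}: {len(dirs)} entries, limit is {MAX_DIRS}")
        # Assumption: entries are absolute paths, as in the page's examples.
        problems += [f"{label}: {d} is not an absolute path"
                     for d in dirs if not pathmod.isabs(d)]
    # Added sanity check: a directory should not be both baited and excluded.
    norm = pathmod.normpath
    for d in sorted({norm(d) for d in bait} & {norm(d) for d in excluded}):
        problems.append(f"{d} is listed as both bait and excluded directory")

    # Table 1: bait directories and file types are mandatory on Linux.
    if os_name == "Linux":
        if not bait:
            problems.append("bait_dirs is mandatory for Linux servers")
        if not policy.get("file_types"):
            problems.append("file_types is mandatory for Linux servers")
    return problems


# Constructed sample draft using the example values from Table 1.
SAMPLE = {"os": "Linux", "action": "Report alarm and isolate",
          "bait_dirs": "/etc", "excluded_dirs": "/etc/lesuo",
          "file_types": ["all"]}

if __name__ == "__main__":
    print(validate_policy(SAMPLE) or "policy draft OK")
```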

Step 3: Enabling Backup

To prevent service loss caused by ransomware attacks, enable the backup function for your servers to periodically back up service data.

If you do not have available vaults, purchase one by referring to Purchasing a Server Backup Vault and then enable the backup function.

  1. Log in to the management console.
  2. Choose Prevention > Ransomware Prevention.
  3. Click the Protected Servers tab.
  4. Select a server and click Enable Backup in the upper part of the server list.

    Figure 1 Enabling backup

  5. In the Enable Backup dialog box, select a vault.

    A vault that meets the following conditions can be bound:
    • The vault is in Available or Locked state.
    • The backup policy is in Enabled state.
    • The vault has backup capacity available.
    • The vault is bound to fewer than 256 servers.

  6. Click OK.