Enabling Ransomware Prevention

Prerequisites

• You have enabled HSS premium, WTP, or container edition.
• You have purchased a backup vault. For details, see Purchasing a Backup Vault. If you have not purchased a backup vault, the Add Server button is unavailable.

Constraints

• Only premium, WTP, and container editions support ransomware protection.

Procedure

1. Log in to the management console.
2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
3. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. Click Add Server.

4. In the dialog box that is displayed, select the target system to be protected and configure a protection policy.
   • OS: Select the server system to be protected.
   • Ransomware Prevention: Enable or disable ransomware prevention.
     • Enable:
     • Disable:
   • Policy: Select an existing policy or create a protection policy.
     • Use policy: Select an existing protection policy. For details, see Parameters for selecting an existing policy.

       Table 1 Parameters for selecting an existing policy

       Parameter	Description
       Policy	Select an existing policy.
       Action	Select a ransomware event processing mode supported by the selected protection policy. Report alarm and isolate Report alarm
       Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.

     • Create new: Create a protection policy on the current page. For details about the parameters, see Parameters for creating a protection policy.

       Table 2 Protection policy parameters

       Parameter	Description	Example Value
       Policy	Policy name	test
       Action	Indicates how an event is handled. Report alarm and isolate Report alarm	Report alarm and isolate
       Honeypot Protection	After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. If ransomware prevention is enabled, this function is enabled by default. NOTE: Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.	Enabled
       Honeypot File Directories	Protected directories (excluding subdirectories). Separate multiple directories with semicolons (;). You can configure up to 20 directories. This parameter is mandatory for Linux servers and optional for Windows servers.	Linux: /etc/lesuo Windows: C:\Test
       Excluded Directory (Optional)	Directories where honeypot files are not deployed. Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.	Linux: /test Windows: C:\ProData
       Protected File Type	Types of files to be protected. More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups. This parameter is mandatory for Linux servers only.	Select all
       (Optional) Process Whitelist	Paths of the process files that can be automatically ignored during the detection, which can be obtained from alarms. This parameter is mandatory only for Windows servers.	-

5. After the configuration is complete, click Next to configure the vault.
   

   Server backup must be enabled.

   Select the target vault. For details about the vault list, see Table 3.

   

   When selecting a vault, you are advised to determine the required capacity based on the backup rules, retention period, and server asset size. Select a vault with enough available capacity. Otherwise, the backup may fail.

   Table 3 Vault list parameters

   Parameter	Description
   Vault Name	Name of the target vault
   Vault ID	ID of the target vault
   Vault Status	Status of the target vault. Available Frozen
   Used/Total Vault Capacity (GB)	Current usage and total capacity of the target vault
   Used Capacity (GB)	Total capacity of the server bound to the target vault. For example: Three servers with 60 GB hard disks are bound to vault A with 200 GB capacity. The used capacity is the total storage capacity of the servers bound to vault A (3 x 60 GB = 180 GB). The used capacity does not occupy the capacity of vault A. The used capacity indicates the maximum capacity required for backing up servers bound to vault A. The used capacity cannot be greater than the capacity of vault A. Otherwise, the backup may fail.
   Number Bound Servers	Number of servers associated with the target vault
   Backup Policy Status	Status of the rule for automatically backing up server data in the target vault

6. Click Next and select servers. You can search for a server by its name or by filtering.
7. Confirm the information and click OK to return to the protected server list.
8. In the list of protected servers, check the Backup Policy Status of the server for which ransomware protection has been enabled.
   • Enabled: Server backup is enabled. The vault automatically backs up servers based on the associated backup policy.
   • Unbound: Server backup is disabled. The vault is not associated with a backup policy. Perform the following steps to associate a backup policy with the vault:
     1. Record the name or ID of the vault that is not associated with any backup policy.
     2. Move the cursor to in the Backup Policy Status column of the server, and click CBR.
     3. In the navigation tree on the left, choose Policies.
     4. On the displayed page, click Create Policy to create a backup policy.

        For details, see "Creating a Backup Policy" in Cloud Backup and Recovery User Guide.

     5. In the navigation tree on the left, choose Cloud Server Backups.
     6. On the Vaults tab page, locate the vault ID you recorded in step 8.a.
     7. Locate the row that contains the target vault, click Apply Backup Policy in the Policy Status column, select a backup policy, and click OK.
     8. In the upper left corner of the page, click and choose Security > HSS to go to the HSS page.
     9. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. The Backup Policy Status of the server for which ransomware protection has been enabled is Enabled.

9. If the ransomware protection status of the target server is Enabled and the backup policy status of the vault is Enabled, ransomware protection is successfully enabled for the server.