Ransomware Prevention

How HSS Prevents Ransomware

HSS monitors critical files stored on your servers and prevents unauthorized applications from encrypting or modifying the files, protecting your servers from ransomware. HSS can also put bait files on your servers to trap and kill ransomware. To better protect your services, you can use Cloud Server Backup Service (CSBS) to back up your server data, and recover the data to avoid service interruption in the case of an intrusion.

Figure 1 How HSS prevents ransomware

Functions

You can create a ransomware protection policy. The policy will learn and analyze operations on servers, identify trusted applications, and remember how trusted processes modify your files. After the learning completes, HSS automatically applies the policy to the servers you specified, and reports alarms on untrusted applications.

• Linux ransomware prevention
  • If you enable bait protection in a Linux protection policy, HSS will put a bait file on each protected server. Ransomware attempting to encrypt bait files will trigger alarms immediately.
    

    • Bait files are marked by HSS. While you handle suspicious files, be careful not to delete the bait files by mistake.
    • Bait files will neither affect your services nor trigger malicious behaviors. If the bait files are deleted, HSS will be unable to trap and kill ransomware.
  • If you create a Linux protection policy, HSS will learn how trusted processes modify files on protected servers, and report alarms on the ransomware not trapped by bait files.
• Windows ransomware prevention

  If you create a Windows protection policy, HSS will learn how trusted processes modify files on protected servers, and report alarms on modifications made by untrusted processes.