Updated on 2023-01-20 GMT+08:00

Preventing Ransomware

Prerequisite

You have purchased the HSS premium or WTP edition.

Constraint

  • Only Huawei Cloud servers can be protected.
  • When enabling ransomware protection, configure server backup, handle ransomware alarms, and fix system and middleware vulnerabilities in a timely manner. If the Server Backup function is not enabled, you may be unable to restore services after an attack.
  • Servers that are not protected by HSS premium, WTP, or container editions do not support ransomware prevention operations.
  • In pay-per-use billing mode, ransomware protection is not supported.

Checking the Ransomware Prevention Overview

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention to check ransomware protection details. For more information, see Table 1.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

    Figure 2 Ransomware prevention overview
    Table 1 Ransomware prevention parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Enterprise Project | After an enterprise project is selected, the overview page will display the data in the project only. You can select an existing enterprise project. By default, the data of all servers in all projects is displayed. | - |
    | Time range | Select a time range to check ransomware defense statistics. Valid values: Last 24 hours, Last 3 days, Last 7 days, Last 30 days | Last 30 days |
    | Protection Statistics | | |
    | Protected Servers | Number of servers protected against ransomware. | - |
    | Events | Number of ransomware-related events detected within the specified time range. | - |
    | Backup Statistics | | |
    | Backed Up Servers | Number of servers whose data has been backed up. | - |
    | Backup and Restoration Tasks | Number of server data restoration tasks. You can click the number to view the task progress. | - |
    | Used/Total Capacity | Capacity occupied by backup data and the total backup capacity. | - |
    | Backup Policies | Backup and retention policies. You can modify the backup policy. | - |
    | Protected Servers | | |
    | Server Name/ID | Server name and ID. You can click a server name to view its details. | - |
    | IP Address | EIP and private IP address of a server. | - |
    | OS | Server OS. | Linux |
    | Server Status | Server status. Its value can be: Running, Stopped | - |
    | Ransomware Protection Status | Ransomware protection status of a server. Its value can be: Enabling, Enabled, Disabling, Disabled | Enabled |
    | Policy | Policy used for the server. | - |
    | Events | Number of ransomware-related events detected within the selected time range. | - |
    | Backup | Status of the backup function. Its value can be: Enabled (automatic full data backup has been enabled for a server) or Disabled (automatic full data backup is disabled for a server). | Enabled |
    | Policies | | |
    | Policy | Policy name. | - |
    | Action | Action of a policy. Its value can be: Report alarm (if a virus is detected, an alarm will be reported) or Report alarm and isolate (if a virus is detected, an alarm will be reported and the virus will be isolated). | Report alarm and isolate |
    | Bait File | Files and directories that store invalid data on servers and are used as honeypots. If ransomware prevention is enabled, this function is enabled by default. After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance. | Enabled |
    | Run-time Detection | Status of runtime detection of a policy. The value can be: Enabled, Disabled | Disabled |
    | OS | OS of the server to which the target policy is bound. | Windows |
    | Associated Servers | Number of servers associated with the policy. | - |
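
The Bait File row in Table 1 describes honeypot files that hold meaningless data, so any change to one is a strong ransomware signal. The following is an added illustration of that general technique, not HSS code: the bait file name, the directory names, and the simulated file changes are all constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BAIT_NAME = "~bait_do_not_edit.docx"  # hypothetical name, not an HSS file name

def deploy_bait(directories):
    """Write one bait file per directory and return {path: sha256} as the baseline."""
    baseline = {}
    for d in directories:
        path = Path(d) / BAIT_NAME
        content = os.urandom(256)  # meaningless data that no real workload reads
        path.write_bytes(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline

def check_bait(baseline):
    """Return (path, reason) for every bait file that was changed or removed."""
    events = []
    for path, digest in baseline.items():
        if not path.exists():
            events.append((path, "missing (deleted or renamed)"))
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            events.append((path, "content modified"))
    return events

def demo():
    """Constructed scenario: one bait overwritten, one renamed, one untouched."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [Path(root) / name for name in ("docs", "db", "home")]
        for d in dirs:
            d.mkdir()
        baseline = deploy_bait(dirs)
        clean = check_bait(baseline)  # nothing touched yet, so no events
        (dirs[0] / BAIT_NAME).write_bytes(b"\x00" * 256)  # simulated overwrite
        (dirs[1] / BAIT_NAME).rename(dirs[1] / (BAIT_NAME + ".locked"))  # simulated rename
        alerts = sorted((p.parent.name, why) for p, why in check_bait(baseline))
        return clean, alerts

if __name__ == "__main__":
    for where, why in demo()[1]:
        print(f"ALERT bait file in {where}: {why}")
```

Because no legitimate process has a reason to open a bait file, a check like this produces very few false positives, which is why a policy can safely pair it with the Report alarm and isolate action.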

Viewing Backup and Restoration Tasks

The backup of HSS ransomware protection depends on Cloud Backup and Recovery (CBR). Before enabling server backup, ensure that you have purchased CBR.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 3 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click the number of backup and restoration tasks.

    Figure 4 Viewing backup and restoration tasks

  5. In the dialog box that is displayed, view the backup and restoration task details. You can filter or search for a server by its name or status. For more information, see Table 2.

    Figure 5 Backup and restoration task details
    Table 2 Backup and restoration task parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Server Name/ID | Name or ID of a server that executes a restoration task. | - |
    | Backup Name | Name of a backup file. | - |
    | Restoration Status | Restoration status of a server. It can be: Succeeded, Skipped, Failed, In progress, Timed out, Waiting. If a task was skipped, failed, or timed out, perform restoration again. | Succeeded |
    | Start/End Time | Start and end time of backup and restoration. | - |

Restoring Server Data

The backup of HSS ransomware protection depends on Cloud Backup and Recovery (CBR). Before enabling server backup, ensure that you have purchased CBR.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 6 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. In the Operation column, click Restore Data.

    Figure 7 Restoring data

  5. In the dialog box that is displayed, view information about the server to be restored. You can find the backup data source to restore by filtering on the backup status and searching by backup name. For more information, see Table 3.

    Figure 8 Filtering data sources
    Table 3 Backup data source parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Backup Name | Name of a backup file. | - |
    | Backup Status | Backup status. It can be: Available, Creating, Deleting, Restoring, Error. A backup in Available state can be used for restoration. | - |
    | Execution Time | Time when the data source was backed up. | - |

  6. In the Operation column of a backup, click Restore.

    Only a backup in the Available state can be restored.

  7. In the dialog box that is displayed, confirm the server information and click OK.

    Figure 9 Restoring a server

Increasing the Backup Capacity

The backup of HSS ransomware protection depends on Cloud Backup and Recovery (CBR). Before enabling server backup, ensure that you have purchased CBR.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 10 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click Add Capacity.

    Figure 11 Increasing the backup capacity

  5. In the dialog box that is displayed, configure the capacity.

    Figure 12 Configuring the capacity

  6. Click OK and complete payment.

    • If the payment is not complete, the status Unavailable will be displayed, indicating that the backup capacity is locked. You cannot place other backup capacity orders before paying for the current order.
      Figure 13 Capacity locked
    • If the payment is complete, check whether your capacity changed by performing step 4.

Modifying a Backup Policy

The backup of HSS ransomware protection depends on CBR. The server backup policy takes effect only after CBR is purchased.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 14 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Prevention > Ransomware Prevention. Click Modify Policy.

    Figure 15 Modifying a backup policy

  5. Configure the policy in the dialog box that is displayed. For more information, see Table 4.

    Figure 16 Configuring a policy
    Table 4 Policy parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Backup Frequency | Data can be automatically backed up on specific days in a week, or at a fixed interval. Weekly: Select one or more days in a week to back up data. Day based: The range of the backup interval is 1 to 30 days. | Weekly |
    | Execution Time | Time when automated backup is started. NOTE: Example of policy configurations. Policy 1: Set Backup Frequency to Weekly, select Wednesday and Saturday, and set Execution Time to 00:00 and 13:00. Data will be automatically backed up at 00:00 and 13:00 every Wednesday and Saturday. Policy 2: Set Backup Frequency to Day based with an interval of two days, and set Execution Time to 02:00 and 14:00. Data will be automatically backed up at 02:00 and 14:00 every two days. | 00:00, 07:00 |
    | Timezone | Select the time zone of the backup time. | UTC+08:00 |

  6. Confirm the settings and click Next. Configure the backup retention rule.

    • Type: Backup Quantity

      Configure the backup rule. For more information, see Table 5.

      Figure 17 Configuring retention rules by quantity
      Table 5 Parameters for data retention by quantity

      | Parameter | Description | Example Value |
      |---|---|---|
      | Rule | Number of latest backups to be retained. NOTICE: This setting takes effect no matter how you configure advanced options. For example, if the rule is configured to keep the most recent 30 backups, and Advanced Options are configured to keep the latest backup in the last 3 months (90 days), the latest 30 backups will be retained. | 30 |
      | (Optional) Advanced Options | You can retain the latest backup in a day, a week, a month, or a year. Daily backup: The latest backup on each of the specified days is retained. Weekly backup: The latest backup on each day of the specified weeks is retained. Monthly backup: The latest backup on each day of the specified months is retained. Yearly backup: The latest backup on each day of the specified years is retained. NOTE: If multiple rules are configured, the rule with the longest retention period takes effect. | Keep the most recent backup from each of the last three months |

    • Type: Time period

      Configure the backup policy. For more information, see Table 6.

      Figure 18 Configuring the retention rule by time period
      Table 6 Parameters for data retention by time period

      | Parameter | Description | Example Value |
      |---|---|---|
      | Rule | Select or customize a backup retention period. The system will automatically retain backups and delete old ones based on your settings. The retention period can be: Days, 1 month, 3 months, 6 months, 1 year | 3 months |

    • Type: Permanent
      Backup data will be permanently stored.

      If the Retention Type of a rule is changed from Time period to Permanent, historical backups will still be deleted based on the Time period settings. For details, see Why Does the Retention Rule Not Take Effect After Being Modified?

  7. Click OK.
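
The backup frequency chosen in Table 4 sets the most data you can lose if ransomware strikes just before the next backup starts. The following added example (not part of the HSS documentation or tooling) expands Policy 1 and Policy 2 from the Table 4 note into concrete run times and computes the longest gap between backups. It assumes a constructed start date and that a Day based policy runs first on that date.

```python
from datetime import datetime, timedelta, time, timezone

TZ = timezone(timedelta(hours=8))  # UTC+08:00, the Table 4 example time zone

def weekly_runs(start, days, weekdays, times):
    """Backup start times for a Weekly policy (weekdays: Mon=0 .. Sun=6)."""
    runs = []
    for offset in range(days):
        day = (start + timedelta(days=offset)).date()
        if day.weekday() in weekdays:
            runs += [datetime.combine(day, t, tzinfo=TZ) for t in times]
    return sorted(runs)

def day_based_runs(start, days, interval, times):
    """Backup start times for a Day based policy (interval of 1 to 30 days)."""
    if not 1 <= interval <= 30:
        raise ValueError("Day based interval must be 1 to 30 days")
    runs = []
    for offset in range(0, days, interval):  # assumption: first run on the start date
        day = (start + timedelta(days=offset)).date()
        runs += [datetime.combine(day, t, tzinfo=TZ) for t in times]
    return sorted(runs)

def worst_gap_hours(runs):
    """Longest time between consecutive backups: the worst-case data-loss window."""
    return max((b - a).total_seconds() for a, b in zip(runs, runs[1:])) / 3600

START = datetime(2023, 1, 16, tzinfo=TZ)  # a Monday, constructed for the example
# Policy 1: Weekly, Wednesday and Saturday, 00:00 and 13:00
POLICY_1 = weekly_runs(START, 28, {2, 5}, [time(0, 0), time(13, 0)])
# Policy 2: Day based, every two days, 02:00 and 14:00
POLICY_2 = day_based_runs(START, 28, 2, [time(2, 0), time(14, 0)])

if __name__ == "__main__":
    for name, runs in (("Policy 1", POLICY_1), ("Policy 2", POLICY_2)):
        print(f"{name}: {len(runs)} backups in 28 days, "
              f"worst-case gap {worst_gap_hours(runs):.0f} h")
```

Policy 1 leaves a gap from Saturday 13:00 to Wednesday 00:00, so it can lose more than three days of changes, while Policy 2 caps the loss at a day and a half.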