Help Center> Host Security Service (New)> User Guide> Server Protection> Ransomware Prevention> Ransomware Prevention Overview
Updated on 2024-06-28 GMT+08:00
View PDF

Ransomware Prevention Overview

Ransomware can intrude a server, encrypt data, and ask for ransom, causing service interruption, data leakage, or data loss. Attackers may not unlock the data even after receiving the ransom. HSS provides static and dynamic ransomware prevention. You can periodically back up server data to reduce potential losses.

Constraints

  • To use ransomware prevention for a server, enable the HSS premium, web tamper protection, or container edition.
  • If the version of the agent installed on the Linux server is 3.2.10 or later or the version of the agent installed on the Windows server is 4.0.22 or later, ransomware prevention is automatically enabled with the premium, WTP, or container edition. For other agent versions, you need to manually enable ransomware prevention.

Process of Using Ransomware Prevention

Figure 1 Usage process
Table 1 Usage process

Operation

Description

Enabling Ransomware Prevention

Enable ransomware prevention on a server, deploy static and dynamic honeypots, detect ransomware attacks in real time, and automatically isolate suspicious processes. (There is a low probability that some normal processes are incorrectly isolated.)

If the version of the agent installed on the Linux server is 3.2.10 or later or the version of the agent installed on the Windows server is 4.0.22 or later, ransomware prevention is automatically enabled with the premium, WTP, or container edition. For other agent versions, you need to manually enable ransomware prevention.

Before manually enabling ransomware prevention, you need to create a protection policy. For details, see Creating a Policy.

Enabling Backup

Currently, no tools can protect all ransomware. Servers need to be periodically backed up, so that data can be restored using the backup in a timely manner to reduce loss if a ransomware event occurs.

Viewing and Handling Ransomware Prevention Events

Once a ransomware attack is detected during ransomware protection, analyze and isolate the ransomware in a timely manner, and fix the security weaknesses of the system.

(Optional) Restoring Server Data

If ransomware intrusion succeeds and your service data is lost, you can use the backup to restore data and reduce loss.
Parent Topic: Ransomware Prevention