Help Center/ Host Security Service/ User Guide (ME-Abu Dhabi Region)/ Prevention/ Ransomware Prevention/ Enabling Ransomware Prevention
Updated on 2024-07-12 GMT+08:00
View PDF
Share

Enabling Ransomware Prevention

Ransomware is one of the biggest cybersecurity threats today. Ransomware can intrude a server, encrypt data, and ask for ransom, causing service interruption, data leakage, or data loss. Attackers may not unlock the data even after receiving the ransom. HSS provides static and dynamic ransomware prevention. You can periodically back up server data to reduce potential losses.

Prerequisites

  • You have enabled HSS premium, WTP, or container edition.

Constraints

  • Only premium, WTP, and container editions support ransomware protection.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab. Click Add Server.

  4. In the dialog box that is displayed, select the target system to be protected and configure a protection policy.

    • OS: Select the server system to be protected.
    • Ransomware Prevention: Enable or disable ransomware prevention.
      • Enable:
      • Disable:
    • Policy: Select an existing policy or create a protection policy.
      • Use policy: Select an existing protection policy. For details, see Parameters for selecting an existing policy.
        Table 1 Parameters for selecting an existing policy

        Parameter

        Description

        Policy

        Select an existing policy.

        Action

        Select a ransomware event processing mode supported by the selected protection policy.

        • Report alarm and isolate
        • Report alarm

        Honeypot Protection

        After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance.

        If ransomware prevention is enabled, this function is enabled by default.

        NOTE:

        Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.
      • Create new: Create a protection policy on the current page. For details about the parameters, see Parameters for creating a protection policy.
        Table 2 Protection policy parameters

        Parameter

        Description

        Example Value

        Policy

        Policy name

        test

        Action

        Indicates how an event is handled.

        • Report alarm and isolate
        • Report alarm

        Report alarm and isolate

        Honeypot Protection

        After honeypot protection is enabled, the system deploys honeypot files in protected directories and key directories (unless otherwise specified by users). A honeypot file occupies only a few resources and does not affect your server performance.

        If ransomware prevention is enabled, this function is enabled by default.

        NOTE:

        Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files.

        Enabled

        Honeypot File Directories

        Protected directories (excluding subdirectories).

        Separate multiple directories with semicolons (;). You can configure up to 20 directories.

        This parameter is mandatory for Linux servers and optional for Windows servers.

        Linux: /etc/lesuo

        Windows: C:\Test

        Excluded Directory (Optional)

        Directories where honeypot files are not deployed.

        Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories.

        Linux: /test

        Windows: C:\ProData

        Protected File Type

        Types of files to be protected.

        More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.

        This parameter is mandatory for Linux servers only.

        Select all

  5. After the configuration is complete.

    Server backup must be enabled.

    Select the target vault. For details about the vault list, see Table 3.

    Table 3 Vault list parameters

    Parameter

    Description

    Vault Name

    Name of the target vault

    Vault ID

    ID of the target vault

    Vault Status

    Status of the target vault.

    • Available
    • Frozen

    Used/Total Vault Capacity (GB)

    Current usage and total capacity of the target vault

    Used Capacity (GB)

    Total capacity of the server bound to the target vault.

    For example:

    Three servers with 60 GB hard disks are bound to vault A with 200 GB capacity.

    • The used capacity is the total storage capacity of the servers bound to vault A (3 x 60 GB = 180 GB).
    • The used capacity does not occupy the capacity of vault A.
    • The used capacity indicates the maximum capacity required for backing up servers bound to vault A. The used capacity cannot be greater than the capacity of vault A. Otherwise, the backup may fail.

    Number Bound Servers

    Number of servers associated with the target vault

    Backup Policy Status

    Status of the rule for automatically backing up server data in the target vault

  6. Click Next and select servers. You can search for a server by its name or by filtering.
  7. Click OK.
  8. In the navigation pane, choose Prevention > Ransomware Prevention. Click the Protected Servers tab and check protected servers.
Parent topic: Ransomware Prevention