Help Center/ Host Security Service/ User Guide (Kuala Lumpur Region)/ Server Protection/ Ransomware Prevention/ Ransomware Prevention Overview
Updated on 2025-10-10 GMT+08:00
View PDF
Share

Ransomware Prevention Overview

Ransomware can intrude a server, encrypt data, and ask for ransom, causing service interruption, data leakage, or data loss. Attackers may not unlock the data even after receiving the ransom. HSS provides static and dynamic ransomware prevention. You can periodically back up server data to reduce potential losses.

Constraints

  • Only the HSS premium, WTP, and container editions support ransomware prevention.
  • If the agent of version 3.2.10 or later is installed on a Linux server, or the agent of version 4.0.22 or later is installed on a Windows server, and the HSS premium, WTP, or container edition is enabled for the server, HSS will automatically enable ransomware prevention for the server, but will not automatically enable ransomware backup. You can enable it as needed. If the agent version installed on the server is not in the preceding range, you need to manually enable ransomware prevention and backup.
  • Ransomware prevention is a systematic project that involves multiple aspects, including security management and technical defense. As an important part of ransomware prevention, HSS helps to identify and block ransomware, but it cannot defend against all ransomware. To minimize the loss caused by ransomware, you are advised to build a systematic protection solution, including but not limited to reducing exposure to the the Internet, strengthening network access control, strictly managing account permissions, and building a highly reliable service architecture. In addition, you are advised to periodically back up important service data, so that services can be quickly restored through backup if a ransomware attack occurs, thus reducing interruptions.

Process of Using Ransomware Prevention

Table 1 Usage process

Operation

Description

Enabling Ransomware Prevention

Enable ransomware prevention for a server, deploy static and dynamic honeypots, and detect ransomware attacks in real time.

CAUTION:

If you find suspicious files on a server after enabling ransomware prevention, contact technical support and check whether the files are the honeypots deployed by HSS. Honeypot files are used to detect ransomware attacks. They do not affect your services, do not contain any malicious content, and cannot be manually deleted.

  • If the agent of version 3.2.10 or later is installed on a Linux server, or the agent of version 4.0.22 or later is installed on a Windows server, and the HSS premium, WTP, or container edition is enabled for the server, HSS will automatically enable ransomware prevention for the server. You can modify the default protection policy settings (including protected directories and actions) as needed. For details, see Managing Ransomware Protection Policies.
  • If the version of the agent installed on the server is not one of the preceding versions, you need to manually enable ransomware prevention.

Viewing and Handling Ransomware Prevention Events

Once a ransomware attack is detected during ransomware protection, analyze and isolate the ransomware in a timely manner, and fix the security weaknesses of the system.
Parent topic: Ransomware Prevention