SQL SERVER – How to Protect Your Database from Ransomware?

In the last month, I have received calls from quite a few of my customers about Ransomware. This weekend in particular has been very busy, with over 8 customers having issues with Ransomware. However, we were lucky enough to have proper database backups and precautions in place, and hence we were able to recover quickly and without downtime. Today, I decided to write up some short notes for everyone who wants to protect their database from Ransomware.


What is Ransomware?

Ransomware is a program that gets into your computer, usually when someone clicks on the wrong thing or downloads the wrong thing, and then holds something you need for ransom.

Please check that you are following all of the steps below to keep your database safe.

Backup Database

The best protection against Ransomware is to back up all of your database files to a completely separate system. For example, take your backup to an external hard drive or a remote FTP system. Please make sure that after taking the backup, your hard drive is not connected to your network or even the internet. If your hard drive is still connected to your network or computer when an attack happens on your system, your hard drive with a proper backup may be locked out of your reach.

Remember: Take your backup to a system that is disconnected from your network and the internet once the backup operation is over.
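One way to script the backup step above in T-SQL, as an added example rather than code from the original post. It assumes a database named SalesDB, a removable drive mounted as E:, and a 24-hour backup window (all hypothetical); it writes a checksummed full backup, verifies it before the drive is detached, and lists databases that have no recent full backup.

```sql
-- Assumptions (not from the original post): database SalesDB,
-- removable drive mounted as E:, 24-hour backup window.
DECLARE @db   sysname       = N'SalesDB';
DECLARE @file nvarchar(260) = N'E:\SQLBackup\' + @db + N'_'
      + CONVERT(nvarchar(8), GETDATE(), 112) + N'.bak';  -- yyyymmdd suffix

-- 1. Full backup with page checksums, so a damaged page is reported
--    at backup time instead of at restore time.
BACKUP DATABASE @db
    TO DISK = @file
    WITH CHECKSUM, INIT, NAME = N'Full backup for offline storage';

-- 2. Confirm the backup file is complete and readable
--    before the drive is disconnected.
RESTORE VERIFYONLY
    FROM DISK = @file
    WITH CHECKSUM;

-- 3. List every online database that has no full backup (type 'D')
--    recorded in msdb within the last 24 hours.
SELECT d.name,
       MAX(b.backup_finish_date) AS last_full_backup
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name = d.name
      AND b.type = 'D'
WHERE d.name <> N'tempdb'
  AND d.state_desc = N'ONLINE'
GROUP BY d.name
HAVING MAX(b.backup_finish_date) IS NULL
    OR MAX(b.backup_finish_date) < DATEADD(HOUR, -24, GETDATE());
```

Disconnect the drive only after step 2 completes without error; an empty result from step 3 means every online database has a full backup inside the assumed window.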


Be Vigilant

Do not open suspicious emails, websites and apps on your network. Make sure your firewall is blocking all unwanted and unauthorized traffic.

One thing which I still see at many of my customers' places is that they have left the browser and web surfing access available on the server where they have kept SQL Server. I have been very much against it from the very first day. During my Comprehensive Database Performance Health Check and SQL Server Performance Tuning Practical Workshop, we always discuss this, as I believe this is a very important aspect everyone should know and follow.

Additionally, you should have your database server on a different network from your user network. That way, if your user network is attacked by ransomware, your database server network remains protected from it. This is one of the very important infrastructure changes to implement when you are planning a robust and secure IT infrastructure for your network.

Remember: Do not open suspicious links on your computer network system.

Use Antivirus Program

I have always advocated that an antivirus program should not be installed on your database server because it slows down the performance of your system when it is under stress. That does not mean that I have been against antivirus on your network computers. I believe we should use the latest antivirus program to scan your entire network and connected systems to make sure there is no malware or any entry point open for ransomware. It is extremely critical that all your systems are updated with the latest antivirus definitions.

Don’t Ignore Windows Update

Just like you, I too have had a habit of deferring Windows updates. In the past, I had poor experiences with Windows updates; since then I have decided that I will only update Windows once a month with the updates which are tested by the community and are over 15 days old. This routine has been working out great for me. However, there are moments when we have to make exceptions. During the recent attacks of Ransomware, I am updating my Windows more often and at smaller intervals.

I totally understand that when we are applying a recent Windows update, there is a small risk of problems with our system. However, it is better to take risks with Windows Update than with Ransomware. Please remember, in the end Microsoft has always provided updates for free and taken responsibility for the issues.

Contact Details

If you have any questions related to this article, or want to discuss your backup strategies, you can certainly reach out to me. Every single day I keep two slots available for On Demand (50 minutes). Just send me an email with your preferred time for discussion at pinal@sqlauthority.com. We will conduct this learning session via GoToMeeting.

During these 50 minutes we will discuss the following:

  • Your Backup Timeline
  • Restore Strategy
  • Disaster Recovery Strategy
  • Ideas to keep Ransomware away

Remember, these 50 minutes can save you a lot of trouble in the future. It is better to be safe now than sorry later.

Reference: Pinal Dave (http://blog.SQLAuthority.com)


9 Comments

  • Amarjit Dash
    May 16, 2017 5:06 pm

    Hello Pinal,

    I want to push the previous day's attendance Excel report daily after 12 AM from the attendance website to our SQL Server automatically.
    For example: Today is 16th May 2017, so I want to import the 15th May 2017 attendance Excel record to our SQL Server automatically. So is it possible to push attendance data to our SQL Server automatically? And again, I have to upload this SQL record to the client SQL Server automatically on a daily basis. Can you please guide me on how I can do it?

  • Hi,
    Is there a certain Anti-Virus program that you recommend?

  • What about changing the db file extension name from mdf, ldf and ndf?

    The recent exploit targets special extensions.

  • Thanks for the pointers. The people who send ransomware are becoming really smart and it has become
    really difficult at times, even for those who are in the field, to tell apart which link is good or not. I think it’s
    very important to have a good antivirus program, and of course I myself delay updates at times, which
    should not be the case.

  • Hi Pinal,
    Can we modify MS_AgentSigningCertificate in SQL Server 2012, e.g. RSA from 1024 bits to 2048 bits? Our security team has raised a concern about the same.

