In the last month, I have received calls from quite a few of my customers about Ransomware. Particularly this weekend it has been very busy with over 8 customers had issues with Ransomware. However, we were lucky enough to have proper database backups and pre-cautions in the place and hence we were able to recover quickly and without downtime. Today, I decided to write up small notes for everyone who wants to protect their database from Ransomware.
What is Ransomeware?
Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.
Please do check that if you are following all the steps to keep your database safe.
The best protection against Ransomware is to backup all of your database files to a completely separate system. For example, take your backup to external hard drive or remote FTP system. Please make sure that after taking the backup your hard drive is not connected to your network or even the internet. If your hard drive is still connected to your network or computer when an attack happens on your system, your hard drive with a proper backup may be locked out of your reach.
Remember: Take back up to the system which is disconnected from your network or internet after the backup operation is over.
- SQL SERVER – Backup Timeline and Understanding of Database Restore Process in Full Recovery Model
- Take Database Backup using SSMS – SQL in Sixty Seconds #037
- Restore SQL Database using SSMS – SQL in Sixty Seconds #044
- When was Database Last Backed Up with SQL Server?
Do not open suspicious emails, websites and apps on your network. Make sure your firewall is blocking all the unwanted traffic and unauthorized traffic.
One thing which I still see in many of my customer places is that they have left the browser and web surfing access available on the server where they have kept SQL Server. I have been very much against it from the very first day. During my Comprehensive Database Performance Health Check and SQL Server Performance Tuning Practical Workshop, we always discuss this as I believe this is very important aspect everyone should know and follow.
Additionally, you should have your database server on a different network from your user network that way, if your user network is attacked by ransomware your database server network remains protected from it. This is one of the very important infrastructure change one should implement while they are planning a robust and secure IT infrastructure for your network.
Remember: Do not open suspicious links on your computer network system.
Use Antivirus Program
I have been always advocating that an antivirus program should not be installed on your database server because they slow down the performance of your system when it is under stress. That does not mean that I have been against anti-virus on your network computers. I believe we should use latest antivirus program to scan your entire network and connected system to make sure there is no malware or any entry point open for ransomware. It is extremely critical that your all system’s are updated with latest anti-virus definitions.
Don’t Ignore Windows Update
Just like you, I have even had a habit of differing the Windows updates. In the past, I had poor experienced issues with windows updates, since then I have decided that I will only update windows once a month with the updates which are tested by the community and are over 15 days old. This routine has been working out great with me. However, there are moments when we have to make exceptions. During the recent attacks of Ransomware, I am updating my windows more often and with smaller intervals.
I totally understand that when we are patching recent windows update, there is a small risk of problems with our system. However, it is better to take risks with Windows Update then Ransomware. Please remember, at the end Microsoft has always provided updates for free and took responsibilities on the issues.
If you have any questions related to this article, or want to discuss your backup strategies, you can for sure reach out to me. Every single day I keep two slots available for On Demand (50 minutes). Just send me email with your preferred time for discussion at email@example.com. We will conduct this learning session via gotomeeting.
During this 50 minutes we will discuss following:
- Your Backup Timeline
- Restore Strategy
- Disaster Recovery Strategy
- Ideas to keep Ransomware away
Remember, this 50 minutes can save you lots of troubles in the future. It is better to be safe now than sorry later.
Reference: Pinal Dave (http://blog.SQLAuthority.com)