• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Windows Defender ATP Support for Windows 7 and Windows 8.1 Reaches ‘General Availability’

Ransomware: What It Means for Your Database Servers

January 12, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, February 28, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News Business

Ransomware: What It Means for Your Database Servers

by AZURE SECURITY NEWS EDITOR
January 12, 2021
in Business
0
Windows Defender ATP Support for Windows 7 and Windows 8.1 Reaches ‘General Availability’
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

Happy new year and welcome to 2020. Are you prepared for a ransomware attack?

Security is definitely not the most exciting topic. If you look at the program from any database conference, you will notice a heavy lean toward topics like performance tuning (especially performance tuning), new features or high availability. While these topics are interesting, having good database security might be your last line of defense in the ransomware attack that you are likely to have.

The Mechanics of Ransomware Attacks
Ransomware attacks typically use one of two major vectors. The more common one is a phishing attack in the form of an e-mail with an infected attachment. A user opens this attachment, allowing the ransomware to execute on your network.

The other vector is identifying a vulnerability in your network, like in your VPN software, and inserting itself into your network. Once inside your network, the ransomware begins to encrypt files on the target system and attempts to encrypt files on any mapped drives or even any network-connected device that the infected machine can write to.

After your files are fully encrypted, the infected computers will display a pop-up message asking for payment in the form of Bitcoin for a key to decrypt the files:

[Click on image for larger view.]Creative Commons image captured from here.

The time limit is a common ploy to pressure the victim into paying the ransom so they can gain access to their files without them being deleted. However, several recent cases have had firms paying the ransom but still not gaining access to their files.

How This Can Affect Your Database Systems
Ransomware attacks are highly effective, but they aren’t the most sophisticated attacks. The attack functions just like Transparent Data Encryption (TDE) does in SQL Server, except that you don’t have the have the encryption key.

Typically, variants will attack your MDF, NDF, LDF and your backup files (BAK and TRN). This leaves your SQL Server in an inoperable state, because the SQL Server service can no longer open master.mdf — and then things go downhill from there.

While the encryption of your data and log files is really bad, the killer is that you can lose access to your backups. Once your backups are encrypted, it really is game over in terms of your data recovery.

So What Can You Do?
Protecting against ransomware is a multifaceted effort that requires defense in-depth at multiple layers of your infrastructure. However, as a data professional, your scope is probably defined to the database servers in your environment. Let’s first talk about the things you can either personally do or advocate for.

Storing Backups in Another Location: I saw a Tweet a couple of week ago that said, “It’s really hard to encrypt a locked box of backup tapes,” and I thought that we have returned full circle to tape backup.

If trying to remember the latest LTO type isn’t on your agenda, you should ensure that you have a second copy of your backups going to somewhere that is not easily network-accessible. I really like the idea of using the cloud for this (i.e., copying your backups to secured cloud storage).

Whatever you do, don’t have the only copy of your database backups be on a file share that you can access from your desktop and as a standard user. Additionally, I would recommend carefully evaluating what has access to your backup environment. If it is on the company file share that employees use, consider moving the backups to their own set of file servers with limited access.

Use Admin Account: Instead of using your normal credentials for privileged operations like logging into a database server, you should be logging in with a different set of credentials (preferably with a multifactor authentication).

Some companies take this further by having a separate domain for production systems, which is an even more secure approach. The reason to do this is because if your machine becomes infected, your user account won’t have direct access to production systems.

Patch All the Things You Manage: This should go without saying, but it’s absolutely critical to keep systems up to date with the latest Windows and SQL Server patches. Encourage other teams in your organization to do the same; you are only as strong as your weakest link.

Use Windows Firewall: I’m guilty of not doing this myself, as it can be frustrating to open specific ports especially when you are using things like clustering or AlwaysOn Availability Groups. However, the protection that Windows Firewall offers is really good for a basic protection level. (Note: Some malware variants actually open ports in Windows Firewall.)

Test Those Backups: Your backups are only as good as your ability to restore them. Do this regularly.

What Should You Advocate For?
Though network architecture is typically outside of the scope of the DBA, it is some of the best protection against malware. By segmenting your network so that servers have very limited ability to communicate over the network with other services, you limit the damage that a malware infection can do.

From a security perspective, this is part of what’s called an “assume breach” mentality — you assume that computers in your network have been attacked or could be attacked at any time. Part of that mindset is protecting your most critical systems (e.g., your production database servers). This approach also means actively trying to attack your own environment and regularly recovery testing.

This is the new normal — ransomware attacks are a clear risk for the foreseeable future and your critical business data is vulnerable. As a database or system administrator, you are limited in your influence, but you can help identify security anti-patterns while maintaining best practices across your systems to provide data protection.

Reference: https://redmondmag.com/articles/2020/01/21/ransomware-database-servers.aspx

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Innovative solutions for IT workers at home

What is database encryption?

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

Database encryption protects sensitive information by scrambling the data when it’s stored, or, as it has become popular to say,...

Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

Native integration with ZEDEDA’s orchestration solution for the distributed edge enables end-to-end remote management of the entire Azure IoT Edge...

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

by AZURE SECURITY NEWS EDITOR
February 23, 2021
0

Microsoft has reconfirmed that the "Solorigate" advanced persistent threat attackers saw some of its source code, although "only a few individual files...

8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

by AZURE SECURITY NEWS EDITOR
February 22, 2021
0

NTT last week announced the completion of its first Microsoft Security Project for a cellular operator in Indonesia. The engagement with NTT...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In