With all the uproar about ransomware in the news lately, it made us wonder: are SQL Server database files susceptible to ransomware? From what we have researched and understand, SQL Server backups are vulnerable when:
- Regular full backups are not taken.
- The backup is not encrypted with your own password.
What is Ransomware?
Ransomware is a program that gets onto your computer, usually because someone clicked on the wrong thing or downloaded the wrong thing, and then holds something you need for ransom.
Please check that you are following all of the steps below to keep your database safe.
Backups > Updates > Monitoring > Education > Hardening
The best protection against ransomware is to back up all of your database files to a completely separate system.
Be Vigilant and Educate Users
Do not open suspicious emails, websites and apps on your network. Make sure your firewall is blocking all unwanted and unauthorized traffic.
Use an Antivirus Program
We have always advocated that an antivirus program should not be installed on your database server, because it slows the system down when it is under stress. That does not mean we are against antivirus on the other computers on your network. We believe you should use an up-to-date antivirus program to scan your entire network and every connected system, to make sure there is no malware and no entry point left open for ransomware. It is extremely critical that all of your systems are updated with the latest antivirus definitions.
Don't Ignore Windows Update
Enable Windows Update, and update Windows more often, with shorter testing intervals. Microsoft has always provided updates for free and has taken responsibility for the issues they fix.
Other good practices:
- Monitor for failed logins on your servers, particularly for the sa login, and look for patterns, e.g. whether they are all coming from one server.
- Use strong passwords for the service accounts and the sa account, e.g. l=/N\hZnuQ4@Q\I%S0Qn
- Where possible, however, it is better to use Managed Service Accounts (MSAs) or Group Managed Service Accounts (gMSAs), as nobody can use these accounts to log on to servers. gMSAs are not supported for SQL Server until SQL Server 2016.
- Use a KeePass database for storing the account details.
- Password protect the backups.
- Nothing is going to protect you if any of this is done under an administrator's login. If someone has local admin on the server, then nothing is secure.
- SQL Server is susceptible to anything if an admin account is compromised. That is why securing the server itself is the first and best step toward securing whatever runs on it, regardless of OS or program/service.
- Avoid using the default TCP/IP port 1433.
- Don't use xp_cmdshell.
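The encrypted-backup and failed-login items from the list above, as an added T-SQL example that is not code from the original post (current SQL Server versions encrypt backups with a certificate rather than the old BACKUP ... WITH PASSWORD option). It assumes SQL Server 2014 or later, a database named SalesDB, a separate backup host reachable as \\backup-host, and placeholder passwords that you replace with your own.

```sql
-- Added example, not code from the original post. Assumes SQL Server 2014 or
-- later (backup encryption), a database named [SalesDB], a separate backup host
-- reachable as \\backup-host, and placeholder passwords you replace yourself.
USE master;
GO
-- 1. One-time: database master key + certificate that encrypts the backups.
--    The .bak is useless without this certificate, so export it and keep the
--    export (and its password) OFF the server, alongside the backups.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'BackupEncryptCert')
    CREATE CERTIFICATE BackupEncryptCert WITH SUBJECT = 'SQL Server backup encryption';
GO
BACKUP CERTIFICATE BackupEncryptCert
    TO FILE = '\\backup-host\keys\BackupEncryptCert.cer'
    WITH PRIVATE KEY (FILE = '\\backup-host\keys\BackupEncryptCert.pvk',
                      ENCRYPTION BY PASSWORD = '<pvk-password-placeholder>');
GO
-- 2. Full backup to the separate system, AES-256 encrypted with the certificate
--    and checksummed so corruption or tampering shows up on verify/restore.
BACKUP DATABASE [SalesDB]
    TO DISK = '\\backup-host\sql\SalesDB_FULL.bak'
    WITH COMPRESSION, CHECKSUM, STATS = 10,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupEncryptCert);
GO
-- 3. Prove the file is restorable and that msdb recorded it as encrypted.
RESTORE VERIFYONLY FROM DISK = '\\backup-host\sql\SalesDB_FULL.bak' WITH CHECKSUM;
SELECT TOP (5) database_name, backup_finish_date, key_algorithm, encryptor_type
FROM msdb.dbo.backupset
WHERE database_name = 'SalesDB'
ORDER BY backup_finish_date DESC;
GO
-- 4. Failed-login check: read 'Login failed' lines from the current error log
--    and count them per client address to spot one source hammering sa.
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), LogText nvarchar(max));
INSERT INTO #errlog EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed';
SELECT c.client, COUNT(*) AS failures, MIN(e.LogDate) AS first_seen, MAX(e.LogDate) AS last_seen
FROM #errlog AS e
CROSS APPLY (SELECT CHARINDEX('[CLIENT: ', e.LogText) + 9 AS s) AS p   -- first char of the address
CROSS APPLY (SELECT SUBSTRING(e.LogText, p.s, CHARINDEX(']', e.LogText + ']', p.s) - p.s) AS client) AS c
WHERE e.LogText LIKE '%[[]CLIENT: %'
GROUP BY c.client
ORDER BY failures DESC;
DROP TABLE #errlog;
```

Run step 4 on a schedule (or against older logs by raising the first xp_readerrorlog argument) and alert when one client address dominates the failures.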