RDPWin, Ransomware and Backups

Updated: 06/12/2023

 

Protecting against ransomware on a Windows server requires a robust data backup strategy. Here are some key strategies to consider:

 

Regular Backups: Implement a regular automated backup schedule to ensure critical data is backed up frequently. RDP recommends at least daily backups of the RDP data server and weekly backups of the IRM server. The RDP Database is stored in the ..\RDPNT share directory. The files for the IRM are stored in the C:\Inetpub directory. RDP recommends third-party backup software such as Acronis or Backup Exec, or the built-in Windows Server Backup utility.

 

Offline or Offsite Backups: Store backups offline or in an offsite location to prevent them from being compromised in case of a ransomware attack. Offline backups, such as tape drives or external hard drives, are disconnected from the network when not in use. Offsite backups can be stored in a separate physical location or on a cloud storage service. RDP recommends that at least one backup per week be stored offsite.

 

Incremental and Versioned Backups: Use incremental backups to only back up changed or new files since the last backup. Additionally, employ versioning to retain multiple copies of backed-up files over time. This way, if ransomware infects the server, you can restore from a clean backup that predates the attack.

 

Immutable Backups: Consider using technologies that make backups immutable, preventing them from being modified or deleted by ransomware. This can be achieved through features like write-once-read-many (WORM) storage or backup solutions that include immutable storage capabilities.

 

Secure Backup Storage: Ensure that the backup storage infrastructure is adequately protected. Limit access to backup resources, apply strong access controls, and encrypt backups both in transit and at rest. Regularly update backup software and hardware with the latest security patches.

 

Test and Verify Backups: Regularly test the backup process to ensure backups are completed successfully and can be restored when needed. Verify the integrity and completeness of backup data by performing test restores periodically. This step is crucial in validating the effectiveness of your backup strategy. RDP recommends testing a backup restore of the RDP database monthly. Please submit a support ticket and we will help you configure a restore directory to test your RDP data backups.

 

Security Awareness Training: Educate employees about ransomware threats, how they spread, and best practices for safe computing. Teach users to recognize suspicious emails, avoid clicking on unknown links or opening attachments from untrusted sources, and to report any potential security incidents promptly.

 

Network Segmentation: Implement network segmentation to isolate critical servers from other network resources. This can help contain the spread of ransomware by limiting its impact on other systems.

 

Endpoint Security: Deploy robust endpoint security solutions, including antivirus/anti-malware software, firewalls, and intrusion detection/prevention systems. Keep these security tools up to date and regularly patch them to address any vulnerabilities.
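
For the "Test and Verify Backups" step above, the following PowerShell script is an added example, not RDP's own tooling or procedure: it records SHA-256 hashes of the data directory at backup time and later checks a test restore against them. The script name and parameters are hypothetical, and it assumes the manifest is created while the data files are not being written to; matching hashes confirm the files restored intact, not that the database itself is internally valid.

```powershell
# Added example (hypothetical script name: Test-RestoreManifest.ps1).
# Create: .\Test-RestoreManifest.ps1 -Path <data dir> -Manifest <csv> -CreateManifest
# Verify: .\Test-RestoreManifest.ps1 -Path <test restore dir> -Manifest <csv>
param(
    [Parameter(Mandatory = $true)][string]$Path,      # directory to hash
    [Parameter(Mandatory = $true)][string]$Manifest,  # CSV manifest file
    [switch]$CreateManifest
)

function Get-HashTable([string]$Root) {
    # Map each file's path relative to $Root to its SHA-256 hash.
    $rootPath = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $table = @{}
    Get-ChildItem -LiteralPath $rootPath -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($rootPath.Length + 1)
        $table[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    }
    return $table
}

$current = Get-HashTable $Path

if ($CreateManifest) {
    # Assumption: run this while the data files are not being written to,
    # so the hashes describe the same state the backup captures.
    $current.GetEnumerator() |
        ForEach-Object { [pscustomobject]@{ Path = $_.Key; SHA256 = $_.Value } } |
        Export-Csv -LiteralPath $Manifest -NoTypeInformation
    Write-Output "Manifest written: $($current.Count) files"
    return
}

# Verify mode: load the expected hashes and compare with the restored files.
$expected = @{}
Import-Csv -LiteralPath $Manifest | ForEach-Object { $expected[$_.Path] = $_.SHA256 }

$missing = @($expected.Keys | Where-Object { -not $current.ContainsKey($_) })
$changed = @($expected.Keys | Where-Object { $current.ContainsKey($_) -and $current[$_] -ne $expected[$_] })
$extra   = @($current.Keys  | Where-Object { -not $expected.ContainsKey($_) })

$missing | ForEach-Object { Write-Output "MISSING  $_" }
$changed | ForEach-Object { Write-Output "CHANGED  $_" }
$extra   | ForEach-Object { Write-Output "EXTRA    $_" }
Write-Output "Expected $($expected.Count), restored $($current.Count), missing $($missing.Count), changed $($changed.Count), extra $($extra.Count)"

# Fail the run if anything from the manifest is absent or differs.
if ($missing.Count -gt 0 -or $changed.Count -gt 0) { exit 1 }
```

Keep the manifest with the offline or offsite copy rather than on the server, so that whoever tampers with the server cannot also rewrite the expected hashes.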

 

Remember that while backups are crucial, they should be just one part of a comprehensive defense-in-depth approach to ransomware protection. Additional measures such as strong security policies, network monitoring, user awareness, and incident response planning are also essential to protect your Windows server and data from ransomware threats.

Please feel free to reach out to RDP support for more information on properly backing up your RDPWin database.

 

Here are links to white papers on effectively backing up an RDPWin/Actian database:

Selecting A Backup Method For Zen v15 Database Files

Using VSS For Full Backup of your Zen Database

Validating your Zen/PSQL Database Backups