SQL Server and Petya

29 June,2017 by Jack Vamvas

 

There is increased chatter about another global ransomware attack. This one is called Petya . The main attack point of Petya is Windows master boot record. The Petya ransomware encrypts the NTFS table and there is a demand for Bitcoin payment.

The general advice is to be careful about email attachments, apply security patching aggressively , offsite backups and browsing.

There are a number of steps which can assist in mitigating the risk on a server hosting SQL Server.

No browsing allowed on servers supporting SQL Server

  • Monitor for failed logins on your Servers; particularly the sa login look for patterns here e.g. are they coming from one Server.Read more on how to identify and report on failed login attempts with Powershell - Powershell and Failed Logon attempts
  • Avoid using TCP/IP port 1433
  • Strong passwords for the Service Accounts and sa Accounts; e.g. 6w34ase[vb3n61q^*354wj769:@
  • Regular Full Backups that would cover
  • Password protect the backups

There's always debate about whether anti-virus software should be installed on a server hosting SQL Server. Read more on Is AntiVirus Software required on a SQL Server (SQL Server DBA)

A very thorough certification process will assist in locking down the system . Couple with a rigorous change request process will minimise the surface attack space.

 


Author: Jack Vamvas (http://www.sqlserver-dba.com)


Share:

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on SQL Server and Petya


sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer