Secure Your Cloud After Ransomware: Backup, Encryption & Access‑Control Guide
Following a massive ransomware breach that encrypted thousands of servers and stole sensitive data, this guide outlines four essential self‑check steps—data backup, encryption, server permission management, and platform user access control—along with JD Cloud’s concrete best‑practice actions to harden your infrastructure.
Background
A recent ransomware attack on a major electronics manufacturer encrypted about 1,200 servers, stole roughly 100 GB of unencrypted files, and deleted 20–30 TB of backups. The attackers demanded 1,804.0955 BTC (≈ US$34.7 million), highlighting the critical importance of robust IT security.
Step 1: Data Backup Self‑Check
Self‑check: Verify whether critical data has off‑site disaster‑recovery copies.
Remediation: Enable cross‑region data synchronization to keep backups in another region, ensuring rapid recovery after attacks or natural disasters.
JD Cloud best practice: Use Object Storage → Space Management → Advanced Settings → Data Sync → Historical Data Sync to copy important data to another region, then configure Incremental Data Sync for ongoing updates.
Step 2: Data Encryption Self‑Check
Self‑check: Confirm that important and sensitive data are stored encrypted and that no keys are hard‑coded or stored in plaintext.
Remediation: Encrypt sensitive data, prohibit hard‑coded keys, and manage all keys securely with regular rotation.
JD Cloud best practice:
Key Management: Use the Key Management Service SDK to create and host keys; store only encrypted keys locally and decrypt via the SDK when needed.
Data Encryption: Use Data Security Center to create a protection instance, bind the data source, and configure fields for automatic encryption; enable default encryption for OSS objects.
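One way to run the Step 2 self-check against source and config files, as an added example that is not JD Cloud's own tooling: it flags secret-named literals and plaintext private keys while skipping runtime references and KMS-encrypted blobs. The name patterns, the 3.5-bit entropy threshold, and the `encrypted`/`ciphertext`/`wrapped` naming convention are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# A secret-looking name assigned a quoted literal, e.g. access_key = "..."
ASSIGN = re.compile(
    r"""(?ix)\b([\w.-]*(?:secret|passw(?:or)?d|token|api[_-]?key|access[_-]?key)[\w.-]*)
        \s*[:=]\s*["']([^"']{8,})["']""")
PEM = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# References resolved at runtime (env or template lookups), not secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|<.*>|\{\{.*\}\})$")
# Assumed naming convention for KMS-encrypted blobs that may live on disk.
WRAPPED = re.compile(r"(?i)encrypted|ciphertext|wrapped")


def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())


def scan(text, min_entropy=3.5):
    """Return (line_no, kind, name) findings; secret values are never echoed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if PEM.search(line):
            findings.append((no, "plaintext-private-key", "PEM block"))
            continue
        for name, value in ASSIGN.findall(line):
            if PLACEHOLDER.match(value) or WRAPPED.search(name):
                continue
            level = "high" if entropy(value) >= min_entropy else "low"
            findings.append((no, f"hard-coded-{level}-entropy", name))
    return findings


# Constructed sample config; every value below is made up for this example.
SAMPLE = '''\
db_password = "${DB_PASSWORD}"
access_key = "Zq8vT2mLx9KpR4wNc7YbH3sD"
secret_key: 'changeme123'
encrypted_api_key = "AQIDBAUGBwgJCgsMDQ4PEA=="
-----BEGIN RSA PRIVATE KEY-----
'''

if __name__ == "__main__":
    for no, kind, name in scan(SAMPLE):
        print(f"line {no}: {kind} ({name})")
```

Low-entropy findings are still hard-coded credentials; the split only helps triage likely access keys from default or placeholder passwords.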
Step 3: Server Permission Management Self‑Check
Self‑check: Ensure that server logins are covered by permission control, security auditing, and automated operations capabilities.
Remediation: Deploy a bastion host to enforce permission policies, define high‑risk commands, set time‑based login interception rules, and regularly audit sessions.
JD Cloud best practice: Use the Bastion service → create an instance → add users, hosts, accounts, and rules, then access servers through the bastion.
Step 4: Platform/Application User Permission Management Self‑Check
Self‑check: Verify that platform or application users are authorized according to roles or levels and that critical operations enforce access checks.
Remediation: Implement a role‑based permission mechanism, enforce access verification on key actions, and prevent privilege escalation.
JD Cloud best practice:
Sub‑account security: Set a strong IAM password policy, enable MFA, rotate credentials, and prohibit the JDCloudAdmin‑New role.
Main‑account security: Disable or delete all Access Keys for the primary account and use role‑based access instead.
Login and operation security: Enable virtual MFA, operation protection, and optional login‑IP protection.
JD Cloud Developers
JD Cloud Developers (Developer of JD Technology) is a JD Technology Group platform offering technical sharing and communication for AI, cloud computing, IoT and related developers. It publishes JD product technical information, industry content, and tech event news. Embrace technology and partner with developers to envision the future.
