Forum Stats

  • 3,854,955 Users
  • 2,264,441 Discussions


Ransom ware recovery plan question

rjsosi Member Posts: 249 Bronze Badge


We're using Oracle Database 12c Enterprise Edition Release - 64bit Production.

We're developing a Ransom Ware recovery plan for our databases. The data we're protecting is financial data. The very rough overall plan is to back the data up into a vault and restore it after an attack.

One item we're discussing is the time between the last backup and the time before the next backup.

During that time period after the DB back up, transactions are still happening, like Trades or loans granted at specific rates. How would you save that information until the next full DB back-up?

The trick with information like that is you can't redo those transactions because those transactions happened at specific times where the stock prices or the loan rates were at a specific value. So how would you save that information? Has anyone ever done this type of thing before?

What-ever the process is, it would run and store data between the latest time a DB backup was taken and the next time a DB backup was taken. We've got the DB backups being taken about every hour for this specific critical database. So you could refer to the interim time between database backups as the interim back-up. Then that interim-back-up data would be overwritten by the interim back up for the next time period between DB backups, so we're only storing about an hours worth of financial transactional information.

I know some people would just say use RMAN at an incremental level but it sounds like they want a solution where the data is saved outside of Oracle.

Are there any backup solutions in Oracle where you can save data directory to flat files? I'm thinking there is the possibility of using External tables and storing that data in an outside flat file.

I'm looking for a precedent we can at least study to get some ideas.



  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,888 Red Diamond

    Flat files are exactly the files that are encrypted by ransomware.

    To protect an Oracle database:

    • use ASM and raw disks (no file systems) that are not targeted by ransomware encryption
    • use RMAN hot database backups to external media (e.g. SAN/NAS ASM raw disks)
    • use multiplexing and/or regular period backups, of archive logs

    FWIW, my firsthand experience with ransomware is that Windows servers and CIFS/SMB file system shares are targeted. Linux servers emerged without a scratch. Except when the Linux VM's vdisks are "flat files" on Windows hypervisor servers.

  • JohnWatson2
    JohnWatson2 Member Posts: 4,489 Silver Crown

    You are describing the usual usage case for Data Guard. Zero data loss guaranteed.

  • rjsosi
    rjsosi Member Posts: 249 Bronze Badge

    Thanks John,

    We're actually using Cyber Recovery by Dell I think.

    I know some people use queries with row counts to validate data.

    Would using DB_Gather_Stats give us anything. What would you be able to compare with data from that? Anyone?