Support has seen an uptick in ransomware outbreaks on customer’s production servers (this latest one is called .Wallet File Virus - Dharma Ransomware) and this is a public service announcement.
Just some basic off the cuff best practices for production servers:
- your Epicor server shares don’t require any regular user of the software write access to any share which includes epicor905, epicordata, or any other folder that the product drops by default. If you have some shares that grant everyone full control, that should be changed.
- if you must have a read/write share for users (e.g. file attachments), make it something that is outside of the standard out-of-the box Epicor shares. If there are important files to your business there, please backup them up.
- how long would it really take you to get your Epicor server operational if it was taken over by a ransomware virus or just crashes for good? Before you have a problem is the best time to find out, and make all the needed changes in your environment and processes to safely and quickly restore operations in case something unforeseen occurs. SPOILER: something unforeseen always occurs, it’s just a matter of when.
- backups should stored safely off the main production server and be tested regularly before they are actually needed - a backup that isn’t tested can’t be trusted IMO.
