Ransomware Protection with Oracle Recovery Appliance RA23, Oracle ZFS Storage ZS9-2, and Oracle KeyVault Management
- Writer: info@mps-asia.com at
In recent times, ransomware attacks have become increasingly common not only globally but also in Vietnam, causing severe damage to organizations and businesses. Even leading technology companies are not immune to ransomware threats. As ransomware attacks grow more sophisticated, protecting enterprise data has become a top priority. Oracle offers a comprehensive solution with the Oracle Zero Data Loss Recovery Appliance RA23, integrated with Oracle ZFS Storage ZS9-2 and Oracle KeyVault Management, along with a Data Vault model to ensure data security and rapid recovery.
This article presents a proven and successfully implemented solution for protecting Oracle Database data from ransomware attacks.
Initial Challenges
V Commercial Joint Stock Bank operates a Core Banking system using Oracle Database to process millions of daily financial transactions, from fund transfers and bill payments to loan management and online banking. In 2024, the bank recognized the increasing ransomware threat, especially after a ransomware attack on another bank resulted in serious business disruptions.
Key issues the bank faced included:
Risk of data loss: Traditional backups could not guarantee recovery to the last transaction, threatening the continuity of millions of daily operations.
System performance: Backup processes strained the production servers, slowing down real-time Core Banking transactions.
Compliance requirements: The bank had to meet the State Bank of Vietnam’s regulation to retain financial data for seven years with immutable backups.
Lack of security isolation: The old backup system was not separated from the production database, making it vulnerable to ransomware spread.
After evaluating various market solutions, V Bank partnered with Oracle and MPS Vietnam to pilot and deploy a comprehensive data protection system focused on ransomware resistance and fast recovery.
The Deployed Solution
The bank implemented an integrated solution that includes Oracle Recovery Appliance RA23, Oracle ZFS Storage ZS9-2, and Oracle KeyVault Management. Here’s how each component was utilized:
Oracle Recovery Appliance RA23
Role: Deployed at the bank’s primary data center to perform real-time backups of the Oracle Database from the Core Banking system. This appliance ensures no data loss with recovery times under one second.
Key features:
Immutable backups: Prevent unauthorized deletion or modification of backups for 90 days per compliance policy.
Continuous validation: Detects any corruption or signs of ransomware in the backup data.
High performance: Offloads backup processing from production servers. Only the initial backup is full; subsequent backups capture only changed data, reducing backup time and load by up to 90%.
Oracle ZFS Storage ZS9-2
Role: Used in the Data Vault for long-term backup storage to meet the seven-year data retention requirement.
Key features:
Immutable storage: Ensures backups cannot be modified, complying with financial regulations.
Historical data archiving: Backups older than 90 days are moved to ZS9-2 to optimize RA23 storage space.
Storage partitioning: Allocated as Object Storage, compatible with Oracle Cloud Infrastructure (OCI), enabling future cloud migration or external storage.
Oracle KeyVault Management
Role: Manages encryption keys for all backups, enhancing ransomware protection. Deployed in high-availability mode with synchronized key servers.
Key features:
Key provisioning: Supplies encryption keys for RA23 and Object Storage, ensuring backups are only restorable with proper authorization.
Access control: Only authorized administrators with KeyVault access can perform restores.
Data Vault Model (Recommended Addition)
Role: A Data Vault was deployed at a remote, isolated location, using an air-gapped network to protect backups from ransomware.
Key features:
Isolated network: The connection is opened for only two hours per week to sync new backups, minimizing intrusion risk.
Independent management: Data Vault administrators use separate credentials, isolated from the main data center team.
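One way to check that the two-hour weekly sync window described above is actually enforced is to audit network flow records for traffic reaching the Data Vault at any other time. The sketch below is an added example, not part of the original article or of any Oracle product; the window day and hour, subnet prefix, addresses, ports, and log format are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed sync window (hypothetical): Sunday 02:00-04:00 local time.
# The article only states that the link is open two hours per week.
WINDOW_WEEKDAY = 6                   # Monday=0 ... Sunday=6
WINDOW_START_HOUR = 2
WINDOW_LENGTH = timedelta(hours=2)
VAULT_PREFIX = "10.99.0."            # constructed Data Vault subnet
ALLOWED_SOURCES = {"10.10.5.20"}     # constructed replication source address

# Constructed flow records: "timestamp src dst dport action"
SAMPLE_LOG = """\
2024-06-02T02:15:00 10.10.5.20 10.99.0.10 8443 ALLOW
2024-06-02T03:59:59 10.10.5.20 10.99.0.10 8443 ALLOW
2024-06-02T04:00:00 10.10.5.20 10.99.0.10 8443 ALLOW
2024-06-04T13:30:00 10.10.7.44 10.99.0.10 22 ALLOW
2024-06-05T09:00:00 10.10.7.44 10.99.0.10 445 DENY
2024-06-09T02:30:00 10.10.7.44 10.99.0.10 22 ALLOW
2024-06-09T02:31:00 10.10.5.20 10.20.0.5 443 ALLOW
"""

def in_sync_window(ts):
    start = ts.replace(hour=WINDOW_START_HOUR, minute=0, second=0, microsecond=0)
    return ts.weekday() == WINDOW_WEEKDAY and start <= ts < start + WINDOW_LENGTH

def audit(log_text):
    """Return (timestamp, source, reason) for every suspicious flow to the vault."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                              # skip malformed records
        stamp, src, dst, _dport, action = parts
        if not dst.startswith(VAULT_PREFIX):
            continue                              # not vault-bound traffic
        ts = datetime.fromisoformat(stamp)
        if action == "DENY":
            findings.append((stamp, src, "blocked-attempt"))    # probing worth reviewing
        elif not in_sync_window(ts):
            findings.append((stamp, src, "outside-window"))     # air gap not enforced
        elif src not in ALLOWED_SOURCES:
            findings.append((stamp, src, "unexpected-source"))  # window open, wrong host
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The third record shows the boundary case: a flow allowed at exactly 04:00:00 is reported, because the window is treated as closed at its end time.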
Centralized Management with Oracle Enterprise Manager
Oracle Enterprise Manager was deployed to monitor the entire environment, providing real-time reporting on backup status, ransomware alerts, and compliance metrics.
Achieved Results
With the implemented system, the bank achieved:
Improved performance:
RA23 reduced backup time by up to 90% and daily storage requirements by 70%.
Immutable backup protection:
Backups in ZS9-2 and the Data Vault remained unaffected by ransomware thanks to network isolation and immutability policies.
Regulatory compliance:
Fully complied with the State Bank’s seven-year data retention requirement with encrypted and validated backups.
Though the Core Banking system has not been targeted by ransomware, Oracle's solution enabled the bank to prepare for such scenarios:
Rapid detection and isolation:
RA23 can detect corrupted backup data within five minutes of ransomware infiltration, sending alerts via Enterprise Manager.
The IT team can disconnect the backup system from the network, preventing the infection of critical data.
Guaranteed zero data loss recovery:
The bank can use backups from RA23 in the Data Vault to restore the system to its pre-attack state within two hours.
No transactions among the millions processed daily were lost, ensuring uninterrupted and trusted customer service.
Key Lessons Learned
From the deployment and simulated ransomware response, the bank drew important lessons:
Importance of isolation: The Data Vault model with air-gapped networking is critical to protecting backups from ransomware.
Strong key management: KeyVault simplifies security while ensuring only authorized personnel can perform restores.
Proactive monitoring: Enterprise Manager provides a comprehensive view, enabling fast threat detection and response.
Ongoing training: The bank conducts regular training to ensure the IT team is familiar with RA23 recovery and management procedures.
Conclusion
The deployment of Oracle Recovery Appliance RA23, Oracle ZFS Storage ZS9-2, Oracle KeyVault Management, and the Data Vault model enabled V Commercial Joint Stock Bank not only to protect against ransomware but also to build greater trust with customers and partners. This solution safeguards millions of daily transactions while delivering high performance and regulatory compliance—laying the foundation for the bank’s sustainable growth.