There are several steps that can be taken to decrease the chances of a ransomware infection and to reduce restore times in case an infection or another type of damage does occur.
1) Make sure that the Rapid Recovery Core server is not joined to an Active Directory domain
1a. Use a local administrative account and password that do not match any account in AD
1b. Make sure that the Core server is regularly patched with Windows/Microsoft Updates
2) Set up a DR (Disaster Recovery) site, and replicate the Rapid Recovery Core data to it.
2a. It is recommended to place the DR site at a geographically remote location, but not very far away.
2b. It is better to set up the replication Core/storage on a physical server, which can be driven to the primary site for a faster restoration process if the primary Core was compromised or there was physical damage (fire, flood, lightning, etc.). If needed, a VM can also be used as the target Core, provided that the target Core's repository disk can be copied and attached to the primary site's Core.
2c. Connectivity between replicating Cores should only use port 8006. This is the only port required for replication, and its direction depends on the direction of replication.
3) Utilize hypervisors to set up the Virtual Standby process for critical servers (Domain Controllers, SQL, Exchange, etc.)
3a. Test booting the Virtual Standby VMs once in a while with networking disabled, to make sure that the VMs are bootable. Never boot a Virtual Standby VM while the originally protected machine is active in the same LAN.
4) Once in a while, save the Core configuration to XML and store it in a safe place. To do that: open the Core console, go to Settings, and click Back Up Settings at the top of the right pane.
4a. It is also recommended to export the Encryption Keys (if any) to files using the Core console, More (..), Encryption Keys. Store these files in a safe place as well.
The usual scenario when ransomware attacks the Core server is that the OS is compromised and the repository XML files are encrypted. A new Core installation won't be able to detect the repository data files without the appropriate XML files. Recovery is still possible, but it may take a long time and may even require repair tools to bring the repository back to a working state. So if the Core server got compromised but is still accessible, before wiping it out, please export and save these registry keys:
HKLM\Software\Apprecovery (whole tree, just in case)
HKLM\Software\Apprecovery\Core\EncryptionKeys
HKLM\Software\Apprecovery\Core\Repositories
Note: there is no point in applying the exported HKLM\Software\Apprecovery key on the new Core server. Many values there are encrypted using machine-specific encryption keys and will be unrecognizable on the new Core server.
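The pre-wipe export of the three registry keys listed above, together with the domain-membership check from step 1, as an added PowerShell example (not code from the original article or from Quest); it assumes it is run elevated on the Core server and that the destination path $BackupRoot is storage the compromised host cannot reach back into, such as removable media:

```powershell
# Added example, not part of the original article. Exports the Rapid Recovery
# Core registry keys named in the article to .reg files before the server is
# rebuilt, records SHA256 sums so the copies can be verified after transport,
# and reports whether the Core server is domain-joined (recommendation 1).
param(
    [string]$BackupRoot = 'E:\CoreRegistryBackup'   # assumed destination, adjust as needed
)

$keys = @(
    'HKLM\Software\Apprecovery',                    # whole tree, as the article advises
    'HKLM\Software\Apprecovery\Core\EncryptionKeys',
    'HKLM\Software\Apprecovery\Core\Repositories'
)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $BackupRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$sums   = Join-Path $outDir 'SHA256SUMS.txt'

foreach ($key in $keys) {
    if (-not (Test-Path ("Registry::" + $key))) {
        Write-Warning "Key not present, skipping: $key"
        continue
    }
    # File name derived from the key path, e.g. HKLM_Software_Apprecovery_Core_Repositories.reg
    $file = Join-Path $outDir (($key -replace '[\\:]', '_') + '.reg')
    # reg.exe export writes a standard .reg file; /y overwrites without prompting
    & reg.exe export $key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Error "reg.exe export failed for $key (exit code $LASTEXITCODE)"
        continue
    }
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    "$hash  $(Split-Path $file -Leaf)" | Add-Content -Path $sums
    Write-Host "Exported $key -> $file"
}

# Recommendation 1: the Core server should not be a member of an AD domain
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Warning "Core server is joined to domain '$($cs.Domain)'; the article recommends a standalone Core."
} else {
    Write-Host "Core server is not domain-joined (workgroup '$($cs.Workgroup)')."
}
Write-Host "Backup written to $outDir; verify SHA256SUMS.txt after moving it off this host."
```

Move the resulting folder off the compromised server immediately, since anything left on a host that is about to be wiped (or that ransomware can still reach) is not a backup.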