Ransomware has become a major threat to cybersecurity. Security Center provides protection, generates alerts, and backs up data to protect your server from ransomware. You can create anti-ransomware policies based on which data on your server is backed up. This topic describes how to create a protection policy.
Prerequisites
Background information
- After you create a protection policy, Security Center automatically backs up data in protected directories on your server. If your server is attacked by ransomware, you can restore data based on the backups. This avoids impacts on your services.
- To make sure that the anti-ransomware capacity is effectively utilized, you can add a server to only one policy. You can add a maximum of 100 servers to each protection policy.
- The anti-ransomware client that is installed on your Elastic Compute Service (ECS) instance is used to back up data. You can back up data only if the client is running properly. After a protection policy is created, we recommend that you monitor the status of the anti-ransomware client and handle its exceptions in a timely manner. For more information, see Related operations.
- Only users of the Security Center Basic Anti-Virus, Advanced, and Enterprise editions can create anti-ransomware protection policies. If you want to create such policies, you must upgrade your Security Center service to one of these editions.
- The servers on which you want to create protection policies must meet requirements. For more information about the requirements, see Server requirements.
Supported regions
The anti-ransomware data backup feature is available in the following regions: China (Chengdu), China East 2 Finance, China North 2 Ali Gov, China (Shanghai), China (Hangzhou), China (Beijing), China (Shenzhen), China (Zhangjiakou), China (Hohhot), China (Qingdao), China (Hong Kong), Singapore (Singapore), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), and India (Mumbai).
Server requirements
You can use the anti-ransomware feature only if your server meets the following conditions:
- Your server is an Alibaba Cloud ECS instance. The anti-ransomware feature supports data backup only for ECS instances. It does not support data backup for servers that are not deployed on Alibaba Cloud. You can create protection policies only for your ECS instance.
- Your ECS instance is deployed in a virtual private cloud (VPC). The data backup feature is supported only by ECS instances that are deployed in VPCs. ECS instances that are deployed in the classic network do not support the data backup feature.
- The operating system version of your server is supported by the anti-ransomware feature. Otherwise, the data backup feature is unavailable. For more information about supported operating systems, see Supported operating system versions.
Data backup
- You can incrementally back up data to protect your server against ransomware. If this is the first time you back up all data in protected directories based on a protection policy, a large number of CPU and memory resources are consumed. To avoid impacts on your services, we recommend that you back up your data during off-peak hours. In subsequent backups, Security Center backs up only files that are newly added, modified, or deleted. This reduces server resource consumption and prevents excessive consumption of the anti-ransomware capacity.
- Security Center starts a specific number of backup tasks based on the backup directories that you specify in each protection policy.
  - Back up all directories
    - Linux operating systems: Security Center generates only one backup task.
    - Windows operating systems: Security Center generates one data backup task for each data disk. If your server runs a Windows operating system and has two data disks, C and D, Security Center generates two data backup tasks. These two tasks start at the same time. A Windows server consumes more CPU and memory resources than a Linux server during backup.
    Notice: We recommend that you schedule the data backup based on the CPU utilization and memory usage of your server that runs a Windows operating system.
  - Back up specific directories
    Security Center starts a data backup task for each directory specified in the protection policy. Security Center allows multiple data backup tasks to run at the same time. These tasks may consume a large number of CPU and memory resources. We recommend that you configure an appropriate number of backup directories based on your requirements.
    Note: A more efficient backup process is under development. This backup process starts only one backup task on each client, which reduces the resource overheads for data backups. The process will be available soon.
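A pre-flight check for a planned set of policies, added here as an example and not part of Security Center or its API: it applies the limits stated above (one policy per server, at most 100 servers per policy, ECS instances in a VPC only) and counts the backup tasks each policy would start on each server. The inventory format, field names, and server names are assumptions constructed for illustration; the supported operating system list is not on this page, so it is not checked.

```python
from collections import Counter

MAX_SERVERS_PER_POLICY = 100  # limit stated on this page

def backup_tasks(server, policy):
    """Number of backup tasks one policy starts on one server."""
    if policy["directories"] == "all":
        # Linux: a single task. Windows: one task per data disk.
        return len(server["disks"]) if server["os"] == "windows" else 1
    return len(policy["directories"])  # one task per listed directory

def check_plan(servers, policies):
    """Return (problems, tasks_per_server) for a planned set of policies."""
    problems, tasks = [], {}
    seen = Counter(sid for p in policies for sid in p["servers"])
    for sid, n in sorted(seen.items()):
        if n > 1:
            problems.append(f"{sid}: listed in {n} policies, only one is allowed")
    for p in policies:
        if len(p["servers"]) > MAX_SERVERS_PER_POLICY:
            problems.append(f"{p['name']}: more than {MAX_SERVERS_PER_POLICY} servers")
        for sid in p["servers"]:
            if seen[sid] > 1:
                continue  # already reported above, no task estimate
            s = servers[sid]
            if not s["ecs"]:
                problems.append(f"{sid}: not an ECS instance")
            elif s["network"] != "vpc":
                problems.append(f"{sid}: classic network, VPC required")
            else:
                tasks[sid] = backup_tasks(s, p)
    return problems, tasks

# Constructed inventory and plan (hypothetical names, not real resources).
SERVERS = {
    "web-1": {"ecs": True, "network": "vpc", "os": "linux", "disks": ["/"]},
    "win-1": {"ecs": True, "network": "vpc", "os": "windows", "disks": ["C", "D"]},
    "old-1": {"ecs": True, "network": "classic", "os": "linux", "disks": ["/"]},
    "dc-1": {"ecs": False, "network": "vpc", "os": "linux", "disks": ["/"]},
}
POLICIES = [
    {"name": "all-dirs", "directories": "all", "servers": ["web-1", "win-1", "old-1"]},
    {"name": "db-dirs", "directories": ["/var/lib/mysql", "/etc"], "servers": ["web-1", "dc-1"]},
]

if __name__ == "__main__":
    problems, tasks = check_plan(SERVERS, POLICIES)
    print("\n".join(problems))
    print(tasks)
```

A high task count on a Windows server or on a policy with many directories is the signal to move the first full backup to off-peak hours or to trim the directory list.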
Procedure
You can select Recommendation Policy or Custom policy to create a custom protection policy. To create a custom protection policy, perform the following steps:
What to do next

Related operations
- View the status of the anti-ransomware client
  After a protection policy is created, you must check the status of the anti-ransomware client on the General Anti-ransomware Solutions page. Security Center can back up data for your server only if the anti-ransomware client is in the Client online state. If the status of the anti-ransomware client is Not Installed, failed, or Exception, data backup fails. You must handle the exception in the anti-ransomware client. You can use one of the following methods to handle the exception:
  - Follow the instructions on the General Anti-ransomware Solutions page.
  - To contact Alibaba Cloud security engineers, submit a ticket.
- Install the anti-ransomware client
  After a protection policy is created, Security Center automatically installs the anti-ransomware client on your ECS instance. If your ECS instance is not started or is configured with specific firewall policies, Security Center may fail to install the anti-ransomware client on the instance. If the anti-ransomware client cannot be installed, address the issue. Then, go to the General Anti-ransomware Solutions page and manually install the anti-ransomware client. For more information about how to manually install the anti-ransomware client, see Manage servers that are added to a protection policy.
- Uninstall the anti-ransomware client
  Notice:
  - After the anti-ransomware client is uninstalled, Security Center deletes the server data that is backed up by the client. Deleted backup data cannot be recovered. Exercise caution when you uninstall the anti-ransomware client.
  - After Security Center deletes the server data that is backed up by the client, it releases the anti-ransomware capacity. The anti-ransomware capacity is updated within 12 to 48 hours after the release. We recommend that you recheck the anti-ransomware capacity after a sufficient amount of time.
  If you want to update the anti-ransomware client, go to the General Anti-ransomware Solutions page. Then, uninstall and reinstall the anti-ransomware client.