Ransomware has become the biggest threat to network security. Security Center provides a general anti-ransomware solution that defends against ransomware before, during, and after an attack.

Background information

Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Basic Anti-Virus, Advanced, or Enterprise edition, you can use the anti-ransomware data backup feature only after you purchase a specific amount of anti-ransomware capacity. If you use Security Center Basic, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition before you can use the anti-ransomware feature.

The anti-ransomware feature supports a limited number of operating system versions. You cannot install an anti-ransomware client or back up data for servers that run unsupported operating system versions. For more information, see Supported operating system versions.

  • The anti-ransomware data backup feature is available in the following regions: China (Chengdu), China East 2 Finance, China North 2 Ali Gov, China (Shanghai), China (Hangzhou), China (Beijing), China (Shenzhen), China (Zhangjiakou), China (Hohhot), China (Qingdao), China (Hong Kong), Singapore (Singapore), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), and India (Mumbai).
  • The anti-ransomware data backup feature is supported only on Elastic Compute Service (ECS) instances that are deployed in virtual private clouds (VPCs). ECS instances deployed in the classic network do not support the anti-ransomware data backup feature.

How it works

The general anti-ransomware solution provides a layer-by-layer protection system against ransomware:
  • Block recognized ransomware in real time

    Security Center has blocked a large amount of ransomware identified by the Alibaba Cloud intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential losses.

  • Trap and block new ransomware
    Security Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. At the same time, Security Center generates alerts to notify you of the potential threats.
    Note: On the Settings page of the Security Center console, enable Anti-ransomware (Bait Capture) in the Proactive Defense section of the General tab. After you enable anti-ransomware (bait capture), Security Center sets trap directories on your servers to block potential ransomware. If you find a suspicious directory on your server, contact after-sales services or submit a ticket to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.
  • Restore infected files

    In addition to anti-ransomware, Security Center also supports data backup. This feature periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios where files on your servers are encrypted, you can restore the data to ensure the security of your servers.
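
The trap-directory idea described in the list above, shown as a generic bait-file check. This is an added illustration, not Security Center's implementation or code from the original page; the decoy file names, the directory name, and the 7.5 bits-per-byte entropy threshold are assumptions chosen for the example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
DECOYS = {  # constructed, low-entropy decoy contents
    "payroll_2023.csv": b"name,amount\n" + b"alice,1000\n" * 400,
    "passwords.txt": b"not a real credential\n" * 200,
}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: near 0 for repetitive text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_bait(directory: Path) -> dict:
    """Write the decoy files and return a baseline {filename: sha256 hex}."""
    directory.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name, content in DECOYS.items():
        (directory / name).write_bytes(content)
        baseline[name] = hashlib.sha256(content).hexdigest()
    return baseline

def check_bait(directory: Path, baseline: dict) -> list:
    """Compare the trap directory with its baseline and return alert strings."""
    alerts = []
    present = {p.name for p in directory.iterdir() if p.is_file()}
    for name, digest in baseline.items():
        if name not in present:
            alerts.append(f"{name}: missing or renamed")
            continue
        data = (directory / name).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            high = shannon_entropy(data) >= ENTROPY_THRESHOLD
            alerts.append(f"{name}: {'encrypted-like' if high else 'modified'} content")
    return alerts + [f"{n}: unexpected file" for n in sorted(present - set(baseline))]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        trap = Path(tmp) / ".bait"
        base = plant_bait(trap)
        (trap / "passwords.txt").write_bytes(os.urandom(4096))  # simulated tampering
        print(check_bait(trap, base))
```

Legitimate workloads have no reason to touch decoy files, so any alert from such a check is a high-confidence signal that is worth acting on before real data is affected.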

Supported operating system versions

| Operating system | Version |
| --- | --- |
| Windows | 7, 8, and 10 |
| Windows Server | 2008 R2, 2012, 2012 R2, 2016, and 2019 |
| RHEL | 7.0, 7.2, and 7.4 |
| CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.6, 7.7, 7.8, 7.9, and 8.2 |
| Ubuntu | 14.04, 16.04, 18.04, and 20.04 |
| SUSE Linux Enterprise Server | 11, 12, and 15 |

Note: Anti-ransomware allows you to install the anti-ransomware client only for the operating systems that are listed in the preceding table. If you use other operating systems and versions, you cannot install the anti-ransomware client or back up data. We recommend that you check whether the operating system version of your server is supported before you use the anti-ransomware feature.