Ransomware has become the biggest threat to network security. Security Center provides a general anti-ransomware solution to defend against ransomware at stages before, during, and after attacks.

Background information

Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Basic Anti-Virus, Advanced, or Enterprise edition, you can use the anti-ransomware data backup function only after you purchase a specific amount of anti-ransomware capacity. If you use the Basic edition, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition before you can use the anti-ransomware feature.

The anti-ransomware feature supports a limited number of operating system versions. You cannot install an anti-ransomware client or back up data for servers that run unsupported operating system versions. For more information about the supported operating system versions, see Supported operating system versions.

Note
  • The anti-ransomware data backup function is available in the following regions: China (Chengdu), China East 2 Finance, China North 2 Ali Gov, China (Shanghai), China (Hangzhou), China (Beijing), China (Shenzhen), China (Zhangjiakou-Beijing Winter Olympics), China (Hohhot), China (Qingdao), China (Hong Kong), Singapore (Singapore), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), and India (Mumbai).
  • The anti-ransomware data backup function is only supported by Elastic Computing Service (ECS) instances that are deployed in virtual private clouds (VPCs). ECS instances deployed in the classic network do not support the anti-ransomware data backup function.

How it works

The general anti-ransomware solution provides a layer-by-layer protection system against ransomware:
  • Block recognized ransomware in real time

    Based on the Alibaba Cloud intelligence library, Security Center has blocked a large amount of ransomware identified by the intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential losses.

  • Trap and block new ransomware
    Security Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. At the same time, Security Center generates alerts to notify you of the potential threats.
    Note Security Center sets trap directories on your servers to block potential ransomware. If you find a suspicious directory on your server, contact after-sales services or submit aticket to check whether this directory is a trap directory set by Security Center. Trap directories do not affect your business and they are not malicious. Trap directories cannot be manually deleted.
  • Restore infected files

    In addition to anti-ransomware, Security Center also supports data backup. This function periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios where files in your servers are encrypted, you can restore the data to ensure the security of your servers.

Supported operating system versions

Operating system Version
Windows 7, 8, and 10
Windows Server 2008 R2, 2012, 2012 R2, 2016, and 2019
RHEL 7.0, 7.2, and 7.4
CentOS 6.5, 6.9, 7.2, 7.3, 7.4, and 8.2
Ubuntu 14.04, 16.04, 18.40, and 20.04
SUSE Linux Enterprise Server 11, 12, and 15
Note Anti-ransomware allows you to install the anti-ransomware client for only the operating systems that are listed in the preceding table. If you use other operating systems and versions, you cannot install the anti-ransomware client or back up data. We recommend that you check whether the operating system version of your server is supported before you use the anti-ransomware feature.