Ransomware has become the biggest threat to network security. Security Center provides a general anti-ransomware solution to defend against ransomware at stages before, during, and after attacks.
Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Basic Anti-Virus, Advanced, or Enterprise edition, you can use the anti-ransomware data backup feature only after you purchase a specific amount of anti-ransomware capacity. If you use Security Center Basic, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition before you can use the anti-ransomware feature.
The anti-ransomware feature supports a limited number of operating system versions. You cannot install an anti-ransomware client or back up data for servers that run unsupported operating system versions. For more information, see Supported operating system versions.
- The anti-ransomware data backup feature is available in the following regions: China (Chengdu), China East 2 Finance, China North 2 Ali Gov, China (Shanghai), China (Hangzhou), China (Beijing), China (Shenzhen), China (Zhangjiakou), China (Hohhot), China (Qingdao), China (Hong Kong), Singapore (Singapore), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), and India (Mumbai).
- The anti-ransomware data backup feature is only supported by Elastic Computing Service (ECS) instances that are deployed in virtual private clouds (VPCs). ECS instances deployed in the classic network do not support the anti-ransomware data backup feature.
How it works
- Block recognized ransomware in real time
Security Center has blocked a large amount of ransomware identified by the Alibaba Cloud intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential losses.
- Trap and block new ransomwareSecurity Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. At the same time, Security Center generates alerts to notify you of the potential threats.Note On the Settings page of the Security Center console, enable Anti-ransomware (Bait Capture) in the Proactive Defense section of the General tab. After you enable anti-ransomware (bait capture), Security Center sets trap directories on your servers to block potential ransomware. If you find a suspicious directory on your server, contact after-sales services or submit a ticket to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.
- Restore infected files
In addition to anti-ransomware, Security Center also supports data backup. This feature periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios where files on your servers are encrypted, you can restore the data to ensure the security of your servers.
Supported operating system versions
|Windows||7, 8, and 10|
|Windows Server||2008 R2, 2012, 2012 R2, 2016, and 2019|
|RHEL||7.0, 7.2, and 7.4|
|CentOS||6.5, 6.9, 7.2, 7.3, 7.4, 7.6, 7.7, 7.8, 7.9, and 8.2|
|Ubuntu||14.04, 16.04, 18.40, and 20.04|
|SUSE Linux Enterprise Server||11, 12, and 15|