All Products
Search
Document Center

Security Center:Create an anti-ransomware policy

Last Updated:Mar 22, 2024

Ransomware can encrypt or steal data in your database to demand a ransom. Security Center provides the anti-ransomware feature. You can use the feature to create an anti-ransomware policy to back up data in your database. This way, if your database is infected by ransomware, you can restore your database by using backup data. This minimizes the impact of ransomware on your workloads. This topic describes how to create an anti-ransomware policy for a database.

Usage notes

  • If you backed up data in your database by using Alibaba Cloud Cloud Backup, you do not need to use the anti-ransomware feature to back up the data again.

  • If you backed up data in your database by using an anti-ransomware policy, we recommend that you do not use other backup software or scripts to back up the data again.

Prerequisites

A specific amount of anti-ransomware capacity is purchased. The permissions to use anti-ransomware are obtained. For more information, see Enable anti-ransomware.

Procedure

  1. Log on to the Security Center console. In the top navigation bar, select the region in which your asset resides. You can select China or Outside China.

  2. In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware.

  3. On the Anti-ransomware page, click the Database extortion virus protection tab and click Create Policies.

  4. In the Database protection strategy panel, create an anti-ransomware policy for a database.

    1. In the Change database step, configure the following parameters and click Next.

      Parameter

      Description

      Policy Name

      The name of the protection policy.

      Type

      • Automatic identification database

        The system automatically identifies the databases that are deployed on your server. We recommend that you select this option.

      • Manually enter the database

        If the database that you want to protect is not displayed in the list of databases after you select Automatic identification database, you can select this option and manually specify the database.

      Database

      The database that you want to protect or the server on which the database resides.

      Database type

      The type of the database that you want to protect. This parameter is required only if you set the Type parameter to Manually enter the database. Valid values:

      • MYSQL

      • ORACLE

      • MSSQL

      Account

      The username of the account that you can use to log on to the database. The account must have the permissions to back up data in the database. If you set the Database type parameter to ORACLE, you do not need to enter the username or password of the database.

      Important

      You must enter the username and password of the database instead of the server.

      Password

      The password of the account that you can use to log on to the database.

    2. In the Protection Policies step, configure the following parameters and click Finished.

      Parameter

      Description

      Protection Policies

      The anti-ransomware policy that you want to use. You can click Use recommendation strategy to use the recommended anti-ransomware policy provided by Security Center. If the recommended anti-ransomware policy cannot meet your business requirements, you can modify the policy.

      Full backup strategy

      The interval at which full backup is performed, the days of a week on which the full backup is performed, and the point in time at which the full backup starts.

      Full backup indicates that you back up all data that exists at a specific point in time. Full backup is time-consuming and requires a large amount of anti-ransomware capacity. We recommend that you set the Interval period parameter to 1 Week.

      Note

      The full backup policy and incremental backup policy take effect at the same time and do not affect each other.

      Incremental backup strategy

      The interval at which incremental backup is performed and the point in time at which the incremental backup starts.

      Incremental backup indicates that you back up only the data that is newly generated or modified after the last full or incremental backup. Incremental backup requires less time and less anti-ransomware capacity. We recommend that you set the Interval period parameter to 1 Day.

      Backup data retention time

      The retention period of the backup.

      Backup network bandwidth limit

      The maximum network bandwidth that is allowed during data backup. If you set this parameter to 0, the network bandwidth is unlimited.

      After the anti-ransomware policy for your database is created, Security Center automatically installs the anti-ransomware agent on your server, and the policy enters the Initializing state. After the anti-ransomware agent is installed on your server, Security Center backs up data in your database based on the backup policy that is configured in the anti-ransomware policy.

What to do next

After you create an anti-ransomware policy, you must precheck the database that is specified in the policy. If the precheck is successful, you can back up the data in the database. For more information, see Precheck a database.

After you create an anti-ransomware policy for your database, we recommend that you monitor the status of the anti-ransomware policy. If the policy is abnormal, perform troubleshooting at the earliest opportunity. For more information, see Troubleshoot the issues causing the abnormal status of an anti-ransomware policy for a database.

References