Ransomware is one of the major threats to network security. Security Center can protect your assets against ransomware, generate alerts when ransomware is detected, and allow you to back up data. This way, Security Center prevents ransomware from compromising your databases. You can create a protection policy to back up data in your database. This topic describes how to create a protection policy.

Prerequisites

A specific amount of anti-ransomware capacity is purchased. The permissions to use anti-ransomware are granted. For more information, see Enable the anti-ransomware feature.

Limits

  • Before you can create a protection policy, make sure that you do not use database backup software or services to back up data in the database that is deployed on your server. For example, if you use Hybrid Backup Recovery (HBR) to back up the data in your database, you cannot use anti-ransomware for databases supported by Security Center.
  • Anti-ransomware for databases is supported only for the following types of databases that are deployed on ECS instances:
    • MySQL database
    • Oracle database
    • SQL Server database

Supported regions

Anti-ransomware for databases is available in the following regions: China (Hohhot), China (Chengdu), and China (Shanghai).

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-ransomware.
  3. On the General Anti-ransomware Solutions page, click the Database extortion virus protection tab.
  4. On the Database extortion virus protection tab, click Create Policies.
  5. In the Database protection strategy panel, create a protection policy for a database.
    To create the protection policy, perform the following operations:
    1. In the Change database step, configure the following parameters.
      Parameter Description
      Policy Name The name of the protection policy.
      Type The method that you use to select the required database. Valid values:
      • Automatic identification database
      • Manually enter the database
      Database type The type of the required database. If you set Type to Manually enter the database, you must configure this parameter. Valid values:
      • MySQL database
      • Oracle database
      • SQL Server database
      Account The account that you can use to log on to the required database. The account must have the permissions to back up data in the database.
      Note If you set Database type to ORACLE, you do not need to enter the username and password of the database.
      Password The password that you use to log on to the required database.
    2. Click Next.
    3. In the Protection Policies step, configure the parameters.
      The following table describes the parameters.
      Parameter Description
      Protection Policies Select the protection policy that you want to use. You can click Use recommendation policy to use the recommended protection policy that is provided by Security Center.
      Full backup strategy Select the interval at which full backup is performed and the time at which the full backup task starts. Units of the interval:
      • Hours
      • Day(s)
      • Week
      Note Full backup indicates that you back up all data that exists at a specific point in time. Full backup is time-consuming and requires a large amount of anti-ransomware capacity.
      Incremental backup strategy Select the interval at which incremental backup is performed and the time at which the incremental backup task starts. Units of the interval:
      • Hours
      • Day(s)
      • Week
      Note Incremental backup indicates that you back up only the data that is newly generated or modified after the last full or incremental backup task. Therefore, incremental backup is time-saving and requires less anti-ransomware capacity.
      Backup data retention time Select the retention period of the backup. Valid values:
      • 1day
      • 2days
      • 3days
      • 4days
      • 5days
      • 6days
      • 7days
      Backup network bandwidth limit Enter the maximum network bandwidth that is allowed during data backup. If you set this parameter to 0, network bandwidth is unlimited.
      Note By default, backup data is stored in three copies. As a result, the anti-ransomware capacity that is required is equal to the size of backup data multiplied by three. Insufficient anti-ransomware capacity leads to backup failures. To prevent backup failures, we recommend that you purchase additional anti-ransomware capacity. To purchase additional anti-ransomware capacity, perform the following operations: Log on to the Security Center console and choose Defense > Anti-ransomware in the left-side navigation pane. On the General Anti-ransomware Solutions page, click Upgrade below Used Capacity /Total.
  6. Click Finished.
    After the protection policy is created and enabled, Security Center automatically installs the anti-ransomware client on your server, and the status of the policy becomes Initializing. After the anti-ransomware client is installed on your server, Security Center backs up data in your database based on the backup policy that is configured in the protection policy.

What to do next

After the protection policy is created, you must precheck the database that is specified in the policy. If the precheck succeeds, you can back up the data in the database. For more information, see Precheck a database.