Ransomware has become the biggest threat to network security. Security Center provides a general anti-ransomware solution to defend against ransomware at stages before, during, and after attacks.
Only the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support this feature. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.
Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Anti-virus, Advanced, Enterprise, or Ultimate edition, you must purchase a specific amount of anti-ransomware capacity before you can use anti-ransomware data backup. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition or select Value-added Plan before you can use the anti-ransomware feature.
The anti-ransomware data backup feature is available in the following regions: China (Chengdu), China East 2 Finance, China North 2 Ali Gov, China (Shanghai), China (Hangzhou), China (Beijing), China (Shenzhen), China (Zhangjiakou), China (Hohhot), China (Qingdao), China (Hong Kong), Singapore (Singapore), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), and India (Mumbai).
You can use the anti-ransomware feature only if your server meets the following conditions:
- Your server is an Alibaba Cloud ECS instance. The anti-ransomware feature supports data backup only for ECS instances. This feature does not support data backup for servers that are not deployed on Alibaba Cloud. You can create protection policies only for your ECS instances.
- The operating system version of your server is supported by the anti-ransomware feature. Otherwise, the data backup feature is unavailable. For more information about supported operating systems, see Supported operating system versions.
How anti-ransomware works
- Block recognized ransomware in real time
Security Center has blocked a large amount of ransomware recognized by the Alibaba Cloud intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential loss.
- Trap and block new ransomwareSecurity Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. In addition, Security Center generates alerts to notify you of the potential threats.Note On the Settings page of the Security Center console, turn on Anti-ransomware (Bait Capture) in the Proactive Defense section of the General tab. For more information, see Use proactive defense. After you turn on Anti-ransomware (Bait Capture), Security Center sets trap directories on your servers to block potential ransomware activities. If you find a suspicious directory on your server, contact after-sales services or submit a ticket to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.
- Restore infected files
In addition to anti-ransomware, Security Center supports data backup. This feature periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios in which files on your servers are encrypted, you can restore the data to ensure the security of your servers.
Supported operating systems and versions
|Operating system||Supported version|
|Windows||7, 8, and 10|
|Windows Server||2008 R2, 2012, 2012 R2, 2016, and 2019|
|RHEL||7.0, 7.2, and 7.4|
|CentOS||6.5, 6.9, 7.2, 7.3, 7.4, 7.6, 7.7, 7.8, 7.9, and 8.2|
|Ubuntu||14.04, 16.04, 18.40, and 20.04|
|SUSE Linux Enterprise Server||11, 12, and 15|