Ransomware is one of the major threats to network security. Security Center provides a general anti-ransomware solution. The solution supports the features of anti-ransomware for servers and anti-ransomware for databases. This way, you can protect your servers and databases from ransomware.
Limits
Only the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support this feature. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.
Background information
Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Anti-virus, Advanced, Enterprise, or Ultimate edition, you must purchase a specific amount of anti-ransomware capacity before you can use anti-ransomware to back up data. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition or purchase the Value-added Plan edition, and purchase a specific amount of anti-ransomware capacity before you can use the anti-ransomware feature.
Supported regions
Anti-ransomware for servers
Anti-ransomware for servers is available in the following regions: China (Hangzhou), China (Shanghai), China East 2 Finance, China South 1 Finance, China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), China (Hohhot), China (Chengdu), China (Shenzhen), China (Hong Kong), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), India (Mumbai), and UAE (Dubai).
Anti-ransomware for databases
Anti-ransomware for databases is available in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), and China (Hong Kong).
Limits
- You must use the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and purchase a specific amount of anti-ransomware capacity before you can create anti-ransomware policies. If you want to create anti-ransomware policies but Security Center runs the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition and purchase a specific amount of anti-ransomware capacity.
- The operating system version of your server must be supported by anti-ransomware for servers. If the operating system version is not supported, the data of your server cannot be backed up. For more information about supported operating system versions, see Operating systems and versions supported by anti-ransomware for servers.
- You must use the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and purchase a specific amount of anti-ransomware capacity before you can create anti-ransomware policies. If you want to create anti-ransomware policies but Security Center runs the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition and purchase a specific amount of anti-ransomware capacity.
- The database version and operating system version of your server must be supported by anti-ransomware for databases. If the database version or operating system version is not supported, the data of your databases cannot be backed up. For more information about supported database versions and operating system versions, see Database versions and operating system versions supported by anti-ransomware for databases.
How anti-ransomware works
- Block recognized ransomware in real time
Security Center has blocked a large amount of ransomware recognized by the Alibaba Cloud intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential loss.
- Trap and block new ransomwareSecurity Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. In addition, Security Center generates alerts to notify you of the potential threats.Note On the Settings page of the Security Center console, turn on Anti-ransomware (Bait Capture) in the Proactive Defense section of the General tab. For more information, see Use proactive defense. After you turn on Anti-ransomware (Bait Capture), Security Center sets trap directories on your servers to block potential ransomware activities. If you find a suspicious directory on your server, contact after-sales services or submit a ticket to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.
- Restore infected files
In addition to anti-ransomware, Security Center supports data backup. This feature periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios in which files on your servers are encrypted, you can restore the data to ensure the security of your servers.
Operating systems and versions supported by anti-ransomware for servers
| Operating system | Supported version |
|---|---|
| Windows | 7, 8, and 10 |
| Windows Server | 2008 R2, 2012, 2012 R2, 2016, and 2019 |
| Red Hat Enterprise Linux (RHEL) | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8, 8.1, and 8.2 |
| CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
| Ubuntu | 14.04, 16.04, 18.40, and 20.04 |
| SUSE Linux Enterprise Server | 11, 12, and 15 |
Database versions and operating system versions supported by anti-ransomware for databases
| Database type | Supported database version | Supported operating system version |
|---|---|---|
| Oracle | 9i | SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5 |
| 10g | RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5 | |
| 11g | RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0 | |
| 12c | Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5 | |
| 18c | RHEL 7.0 and Windows Server 2008 R2 | |
| 19c | Oracle Enterprise Linux 7.0 | |
| Oracle RAC | 9i | SUSE 9.3 and RHEL |
| 10g | RHEL 5 and Windows Server 2008 R2 | |
| 11g | Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0 | |
| 12c | CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6 | |
| 18c | Windows Server 2008 R2 | |
| 19c | RHEL 7.6 | |
| Oracle Data Guard | 11g | CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2 |
| 12c | Oracle Enterprise Linux 6 | |
| MySQL | 5.0 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0 |
| 5.1 | RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0 | |
| 5.4 | RHEL 6.5 and SUSE 11 SP4 | |
| 5.5 | Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5 | |
| 5.6 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2 | |
| 5.7 | RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0 | |
| 8.0 | CentOS 6.7, RHEL 6.5, and CentOS 7.0 | |
| Microsoft SQL Server | 2005 | Windows Server 2008 R2 Service Pack 1 |
| 2008 | Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 | |
| 2008 R2 | Windows Server 2008 R2 | |
| 2012 | Windows Server 2012 RC | |
| 2014 | Windows Server 2008 R2 Service Pack 1 and Windows Server 2016 | |
| 2016 (RTM) | Windows Server 2012 R2 | |
| 2017 | Windows Server 2012 and Windows Server 2016 | |
| 2019 | Windows Server 2016 | |
| SQL Server AlwaysOn | 2012, 2016, and 2017 | Windows Server 2012 R2 |