Ransomware is one of the major threats to network security. Security Center provides a general anti-ransomware solution that includes two features: anti-ransomware for servers and anti-ransomware for databases. You can use these features to protect your servers and databases from ransomware.

Limits

Only the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support this feature. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Background information

Anti-ransomware is a value-added feature that is provided by Security Center. If you use the Anti-virus, Advanced, Enterprise, or Ultimate edition, you must purchase a specific amount of anti-ransomware capacity before you can use anti-ransomware to back up data. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition or purchase the Value-added Plan edition, and purchase a specific amount of anti-ransomware capacity before you can use the anti-ransomware feature.

Supported regions

When you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, you must select the region in which the server is deployed. If the server is deployed in a region in which the anti-ransomware feature is unavailable, you cannot use the feature.
Note: If you create an anti-ransomware policy for an ECS instance, you do not need to select a region in which the anti-ransomware feature is available.

Anti-ransomware for servers

Anti-ransomware for servers is available in the following regions: China (Hangzhou), China (Shanghai), China East 2 Finance, China South 1 Finance, China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), China (Hohhot), China (Chengdu), China (Shenzhen), China (Hong Kong), Indonesia (Jakarta), Australia (Sydney), US (Silicon Valley), US (Virginia), Germany (Frankfurt), Japan (Tokyo), India (Mumbai), and UAE (Dubai).

Anti-ransomware for databases

Anti-ransomware for databases is available in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), and China (Hong Kong).

Limits

Limits on anti-ransomware for servers:
  • You must use the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and purchase a specific amount of anti-ransomware capacity before you can create anti-ransomware policies. If you want to create anti-ransomware policies but Security Center runs the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition and purchase a specific amount of anti-ransomware capacity.
  • The operating system version of your server must be supported by anti-ransomware for servers. If the operating system version is not supported, the data of your server cannot be backed up. For more information about supported operating system versions, see Operating systems and versions supported by anti-ransomware for servers.
Limits on anti-ransomware for databases:
  • You must use the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and purchase a specific amount of anti-ransomware capacity before you can create anti-ransomware policies. If you want to create anti-ransomware policies but Security Center runs the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition and purchase a specific amount of anti-ransomware capacity.
  • The database version and operating system version of your server must be supported by anti-ransomware for databases. If the database version or operating system version is not supported, the data of your databases cannot be backed up. For more information about supported database versions and operating system versions, see Database versions and operating system versions supported by anti-ransomware for databases.

How anti-ransomware works

The general anti-ransomware solution provides a layer-by-layer protection system against ransomware.
  • Block recognized ransomware in real time

    Security Center has blocked a large amount of ransomware recognized by the Alibaba Cloud intelligence library. Security Center blocks ransomware at the earliest opportunity to prevent potential loss.

  • Trap and block new ransomware
    Security Center sets trap directories to block potential ransomware activities. To block new ransomware, Security Center immediately blocks unusual encryption activities when they are detected. In addition, Security Center generates alerts to notify you of the potential threats.
    Note: On the Settings page of the Security Center console, turn on Anti-ransomware (Bait Capture) in the Proactive Defense section of the General tab. For more information, see Use proactive defense. After you turn on Anti-ransomware (Bait Capture), Security Center sets trap directories on your servers to block potential ransomware activities. If you find a suspicious directory on your server, contact after-sales services or submit a ticket to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.
  • Restore infected files

    In addition to anti-ransomware, Security Center supports data backup. This feature periodically backs up data and allows you to restore server data based on the specified time or file version. In scenarios in which files on your servers are encrypted, you can restore the data to ensure the security of your servers.
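
The trap-directory mechanism described above relies on decoy files that no legitimate workload has a reason to touch. The following Python code is an added example, not Security Center's implementation; the decoy file names, the 7.0 bits-per-byte entropy threshold, and all function names are assumptions, and it only detects changes by polling rather than blocking them.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy contents: low-entropy text, so encrypted output stands out.
DECOYS = {"accounts_2023.csv": b"id,name,balance\n" * 200,
          "hr_payroll_backup.txt": b"placeholder decoy line\n" * 200}
ENTROPY_ALERT = 7.0  # bits per byte; assumed threshold, ciphertext is close to 8

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_decoys(trap_dir: Path) -> dict:
    """Create the decoy files and return a baseline of name -> SHA-256."""
    trap_dir.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name, body in DECOYS.items():
        (trap_dir / name).write_bytes(body)
        baseline[name] = hashlib.sha256(body).hexdigest()
    return baseline

def check_trap(trap_dir: Path, baseline: dict) -> list:
    """Compare the trap directory with its baseline; any difference is an alert."""
    alerts = []
    present = {p.name: p for p in trap_dir.iterdir() if p.is_file()}
    for name, digest in baseline.items():
        if name not in present:
            alerts.append(("missing_or_renamed", name))
            continue
        data = present[name].read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "encrypted" if entropy(data) >= ENTROPY_ALERT else "modified"
            alerts.append((kind, name))
    for name in sorted(set(present) - set(baseline)):
        alerts.append(("unexpected_file", name))
    return alerts

def demo() -> list:
    """Plant decoys in a temp dir, simulate tampering, return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        trap = Path(tmp) / "trap"
        baseline = plant_decoys(trap)
        (trap / "accounts_2023.csv").write_bytes(os.urandom(4096))  # stand-in for ciphertext
        (trap / "hr_payroll_backup.txt").rename(trap / "hr_payroll_backup.txt.locked")
        return check_trap(trap, baseline)
```

Because the decoys have no legitimate users, every alert from `check_trap` is high-signal; a production agent would hook file-system events instead of polling so that the offending process can be stopped before it reaches real data.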

Operating systems and versions supported by anti-ransomware for servers

Notice: The following table lists operating systems and versions that are supported by anti-ransomware for servers. You can install the anti-ransomware agent only on servers that run supported operating system versions. If you use other operating systems and versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the operating system version of your server is supported.
| Operating system | Supported version |
| --- | --- |
| Windows | 7, 8, and 10 |
| Windows Server | 2008 R2, 2012, 2012 R2, 2016, and 2019 |
| Red Hat Enterprise Linux (RHEL) | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8, 8.1, and 8.2 |
| CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
| Ubuntu | 14.04, 16.04, 18.40, and 20.04 |
| SUSE Linux Enterprise Server | 11, 12, and 15 |

Database versions and operating system versions supported by anti-ransomware for databases

Notice: The following table lists database versions and operating system versions that are supported by anti-ransomware for databases. You can install the anti-ransomware agent only on the following types of databases and operating system versions. If you use other types of databases or operating system versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the versions of the database and operating system on your server are supported.
| Database type | Supported database version | Supported operating system version |
| --- | --- | --- |
| Oracle | 9i | SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5 |
| Oracle | 10g | RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5 |
| Oracle | 11g | RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0 |
| Oracle | 12c | Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5 |
| Oracle | 18c | RHEL 7.0 and Windows Server 2008 R2 |
| Oracle | 19c | Oracle Enterprise Linux 7.0 |
| Oracle RAC | 9i | SUSE 9.3 and RHEL |
| Oracle RAC | 10g | RHEL 5 and Windows Server 2008 R2 |
| Oracle RAC | 11g | Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0 |
| Oracle RAC | 12c | CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6 |
| Oracle RAC | 18c | Windows Server 2008 R2 |
| Oracle RAC | 19c | RHEL 7.6 |
| Oracle Data Guard | 11g | CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2 |
| Oracle Data Guard | 12c | Oracle Enterprise Linux 6 |
| MySQL | 5.0 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0 |
| MySQL | 5.1 | RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0 |
| MySQL | 5.4 | RHEL 6.5 and SUSE 11 SP4 |
| MySQL | 5.5 | Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5 |
| MySQL | 5.6 | RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2 |
| MySQL | 5.7 | RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0 |
| MySQL | 8.0 | CentOS 6.7, RHEL 6.5, and CentOS 7.0 |
| Microsoft SQL Server | 2005 | Windows Server 2008 R2 Service Pack 1 |
| Microsoft SQL Server | 2008 | Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 |
| Microsoft SQL Server | 2008 R2 | Windows Server 2008 R2 |
| Microsoft SQL Server | 2012 | Windows Server 2012 RC |
| Microsoft SQL Server | 2014 | Windows Server 2008 R2 Service Pack 1 and Windows Server 2016 |
| Microsoft SQL Server | 2016 (RTM) | Windows Server 2012 R2 |
| Microsoft SQL Server | 2017 | Windows Server 2012 and Windows Server 2016 |
| Microsoft SQL Server | 2019 | Windows Server 2016 |
| SQL Server AlwaysOn | 2012, 2016, and 2017 | Windows Server 2012 R2 |