Overview - Security Center - Alibaba Cloud Documentation Center

Ransomware is one of the major threats to network security. If ransomware intrudes into your servers or databases, data on your servers or databases may be encrypted for ransom. This causes severe risks, such as service interruptions, data leaks, and data loss. Security Center provides the features of anti-ransomware for servers and anti-ransomware for databases to defend against ransomware. You can use the features to protect your servers and databases from ransomware.

Background information

Security Center provides a hierarchical protection system against ransomware.

Block known ransomware in real time
Security Center has blocked a large amount of known ransomware by using the Alibaba Cloud intelligence library. Security Center blocks ransomware to avoid potential loss.
Capture and block unknown ransomware
Security Center sets trap directories on your servers to capture potential ransomware attacks. To protect against unknown ransomware, Security Center immediately blocks viruses that perform unusual encryption operations and notifies you of the operations for further handling. You can turn on Anti-ransomware (Bait Capture) in the Security Center console.

Note If you find a suspicious directory on your server after the feature is enabled, contact technical support to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.

Limits

Only the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

Supported regions

Note When you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, you must select the region in which the server is deployed. If an Elastic Compute Service (ECS) instance for which you want to create an anti-ransomware policy resides in a region in which the anti-ransomware feature is unavailable, the instance is not displayed in the asset list.


Feature	Area	Supported region
Anti-ransomware for servers	Chinese mainland	China (Hangzhou), China (Shanghai), and China East 2 Finance China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), and China (Hohhot) China (Shenzhen) and China South 1 Finance China (Chengdu)
	Asia Pacific	Indonesia (Jakarta), Australia (Sydney), Japan (Tokyo), India (Mumbai), Malaysia (Kuala Lumpur), and China (Hong Kong)
	Europe & Americas	US (Silicon Valley), US (Virginia), and Germany (Frankfurt)
	Middle East	UAE (Dubai)
Anti-ransomware for databases	Chinese mainland	China (Hangzhou) and China (Shanghai) China (Beijing), China (Zhangjiakou), and China (Hohhot) China South 1 Finance China (Chengdu)
Anti-ransomware for databases	Asia Pacific	China (Hong Kong)

Resource requirements for backup

The following table describes resource requirements for backing up data of different volumes.


Backup data volume	CPU	Memory
100,000 files	Dual-core	4 GB
1 million files (up to 8 TB)	Dual-core	8 GB
10 million files	Quad-core	16 GB

Anti-ransomware for databases occupies a small number of resources to back up data while anti-ransomware for servers occupies a large number of resources to back up data. The process that anti-ransomware for servers runs to back up data occupies server resources. The required server resources vary based on the size and number of files. In most cases, your business is not affected. If you want to manage the server resources that are occupied to back up data, you can evaluate the backup speed and limit the maximum usage of server memory. For more information, see Backup speed and recovery speed and How can I limit the memory size of an HBR client?

Operating systems and versions supported by anti-ransomware for servers

Important The following table lists operating systems and versions that are supported by anti-ransomware for servers. You can install the anti-ransomware agent only on the servers that run supported operating system versions. If your use other operating systems and versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the operating system version of your server is supported.


Operating system	Supported version
Windows	7, 8, and 10
Windows Server	2008 2008 R2, 2012, 2012 R2, 2016, and 2019
Red Hat Enterprise Linux (RHEL)	7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2
CentOS	6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3
Ubuntu	14.04, 16.04, 18.04, and 20.04
SUSE Linux Enterprise Server	11, 12, and 15

Database versions and operating system versions supported by anti-ransomware for databases

Important The following table lists database versions and operating system versions that are supported by anti-ransomware for databases. You can install the anti-ransomware agent only on the following types of databases and operating system versions. If your use other types of databases or operating system versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the versions of your database and operating system on your server are supported.


Database type	Supported database version	Supported operating system version
Oracle	9i	SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5
	10g	RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5
	11g	RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0
	12c	Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5
	18c	RHEL 7.0 and Windows Server 2008 R2
	19c	Oracle Enterprise Linux 7.0
Oracle RAC	9i	SUSE 9.3 and RHEL
	10g	RHEL 5 and Windows Server 2008 R2
	11g	Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0
	12c	CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6
	18c	Windows Server 2008 R2
	19c	RHEL 7.6
Oracle Data Guard	11g	CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2
Oracle Data Guard	12c	Oracle Enterprise Linux 6
MySQL	5.0	RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0
	5.1	RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0
	5.4	RHEL 6.5 and SUSE 11 SP4
	5.5	Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5
	5.6	RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2
	5.7	RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0
SQL Server	2005	Windows Server 2008 R2 SP1
	2008	Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1
	2008 R2	Windows Server 2008 R2
	2012	Windows Server 2012 RC
	2014	Windows Server 2008 R2 Service Pack 1 and Windows Server 2016
	2016 (RTM)	Windows Sever 2012 R2
	2017	Windows Server 2012 and Windows Server 2016
	2019	Windows Server 2016
SQL Server Always On	2012, 2016, and 2017	Windows Sever 2012 R2