Ransomware is one of the major threats to network security. If ransomware intrudes into your servers or databases, data on your servers or databases may be encrypted for ransom. This causes severe risks, such as service interruptions, data leaks, and data loss. Security Center provides the features of anti-ransomware for servers and anti-ransomware for databases to defend against ransomware. You can use the features to protect your servers and databases from ransomware.

Background information

Security Center provides a hierarchical protection system against ransomware.
  • Block known ransomware in real time

    Security Center has blocked a large amount of known ransomware by using the Alibaba Cloud intelligence library. Security Center blocks ransomware to avoid potential loss.

  • Capture and block unknown ransomware
    Security Center sets trap directories on your servers to capture potential ransomware attacks. To protect against unknown ransomware, Security Center immediately blocks viruses that perform unusual encryption operations and notifies you of the operations for further handling. You can turn on Anti-ransomware (Bait Capture) in the Security Center console.
    Note If you find a suspicious directory on your server after the feature is enabled, contact technical support to check whether the directory is a trap directory set by Security Center. Trap directories do not affect your workloads and are not malicious. Trap directories cannot be manually deleted.

Limits

Only the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

Supported regions

Note When you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, you must select the region in which the server is deployed. If an Elastic Compute Service (ECS) instance for which you want to create an anti-ransomware policy resides in a region in which the anti-ransomware feature is unavailable, the instance is not displayed in the asset list.
Feature Area Supported region
Anti-ransomware for servers Chinese mainland
  • China (Hangzhou), China (Shanghai), and China East 2 Finance
  • China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), and China (Hohhot)
  • China (Shenzhen) and China South 1 Finance
  • China (Chengdu)
Asia Pacific Indonesia (Jakarta), Australia (Sydney), Japan (Tokyo), India (Mumbai), Malaysia (Kuala Lumpur), and China (Hong Kong)
Europe & Americas US (Silicon Valley), US (Virginia), and Germany (Frankfurt)
Middle East UAE (Dubai)
Anti-ransomware for databases Chinese mainland
  • China (Hangzhou) and China (Shanghai)
  • China (Beijing), China (Zhangjiakou), and China (Hohhot)
  • China South 1 Finance
  • China (Chengdu)
Asia Pacific China (Hong Kong)

Resource requirements for backup

The following table describes resource requirements for backing up data of different volumes.

Backup data volume CPU Memory
100,000 files Dual-core 4 GB
1 million files (up to 8 TB) Dual-core 8 GB
10 million files Quad-core 16 GB

Anti-ransomware for databases occupies a small number of resources to back up data while anti-ransomware for servers occupies a large number of resources to back up data. The process that anti-ransomware for servers runs to back up data occupies server resources. The required server resources vary based on the size and number of files. In most cases, your business is not affected. If you want to manage the server resources that are occupied to back up data, you can evaluate the backup speed and limit the maximum usage of server memory. For more information, see Backup speed and recovery speed and How can I limit the memory size of an HBR client?

Operating systems and versions supported by anti-ransomware for servers

Important The following table lists operating systems and versions that are supported by anti-ransomware for servers. You can install the anti-ransomware agent only on the servers that run supported operating system versions. If your use other operating systems and versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the operating system version of your server is supported.
Operating system Supported version
Windows 7, 8, and 10
Windows Server 2008 2008 R2, 2012, 2012 R2, 2016, and 2019
Red Hat Enterprise Linux (RHEL) 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2
CentOS 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3
Ubuntu 14.04, 16.04, 18.04, and 20.04
SUSE Linux Enterprise Server 11, 12, and 15

Database versions and operating system versions supported by anti-ransomware for databases

Important The following table lists database versions and operating system versions that are supported by anti-ransomware for databases. You can install the anti-ransomware agent only on the following types of databases and operating system versions. If your use other types of databases or operating system versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the versions of your database and operating system on your server are supported.
Database type Supported database version Supported operating system version
Oracle 9i SUSE 9.3, RHEL 4, RHEL 5, SLES 9, and CentOS 4.5
10g RHEL 9, RHEL 4, RHEL 5, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5
11g RHEL 5, RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, Windows Server 2012 R2, and RHEL 6.0
12c Windows Server 2008 R2, RHEL 6.5, RHEL 6.5, and RHEL 7.5
18c RHEL 7.0 and Windows Server 2008 R2
19c Oracle Enterprise Linux 7.0
Oracle RAC 9i SUSE 9.3 and RHEL
10g RHEL 5 and Windows Server 2008 R2
11g Windows Server 2008 R2, RHEL 5, Oracle Enterprise Linux 6.4, RHEL 6.5, and iSoft Server OS V3.0
12c CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6
18c Windows Server 2008 R2
19c RHEL 7.6
Oracle Data Guard 11g CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2
12c Oracle Enterprise Linux 6
MySQL 5.0 RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 12.10, SLES 10, SUSE 11 SP4, Ubuntu 11.10, and Neokylin 6.0
5.1 RHEL 6.5, SUSE 11 SP4, RHEL 6.5, and RHEL 6.0
5.4 RHEL 6.5 and SUSE 11 SP4
5.5 Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5
5.6 RHEL 5.0, RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2
5.7 RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, RHEL 7.0, and NeoKylin 7.0
SQL Server 2005 Windows Server 2008 R2 SP1
2008 Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1
2008 R2 Windows Server 2008 R2
2012 Windows Server 2012 RC
2014 Windows Server 2008 R2 Service Pack 1 and Windows Server 2016
2016 (RTM) Windows Sever 2012 R2
2017 Windows Server 2012 and Windows Server 2016
2019 Windows Server 2016
SQL Server Always On 2012, 2016, and 2017 Windows Sever 2012 R2