Ransomware can encrypt or steal your database data to demand a ransom. The anti-ransomware feature in Security Center lets you create backup-based protection policies for your databases. If ransomware infects your database, you can restore from backup data and minimize the impact on your workloads.
Prerequisites
Before you begin, make sure you have:
Anti-ransomware capacity purchased and permissions granted. For details, see Enable anti-ransomware.
The Security Center agent installed on the server where the database runs.
If the database is already protected by Alibaba Cloud Cloud Backup, the anti-ransomware feature is not required — Cloud Backup covers it.
If you back up your database using an anti-ransomware policy, we recommend that you do not use other backup software or scripts to back up the same database.
Create a database anti-ransomware policy
Log on to the Security Center console. In the top navigation bar, select the region where your asset resides: China or Outside China.
In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware.
Click the Anti-ransomware for Databases tab, then click Create Policies.
In the Anti-ransomware Policy for Database panel, complete the two-step configuration.

Step 1: Change database
Configure the following parameters, then click Next.

| Parameter | Description |
| --- | --- |
| Policy Name | A name for the protection policy. |
| Type | How Security Center identifies the database to protect. Select Automatically Identify Database (recommended) to let the system discover databases on your server. If the target database does not appear in the list, select Manually Specify Database and provide the details below. |
| Database | The database to protect, or the server where the database runs. |
| Database Type | Required only when Type is set to Manually Specify Database. Supported values: MYSQL, ORACLE, MSSQL. |
| Account | The username of an account with database backup permissions. For ORACLE databases, leave this blank — ORACLE does not require a username or password for this policy. Enter the database account credentials, not the server credentials. |
| Password | The password for the database account specified above. |

Step 2: Protection policies
Configure the backup schedule, then click Finished.

| Parameter | Description |
| --- | --- |
| Protection Policy | The backup schedule to apply. Click Recommended Policy to use Security Center's default settings. Adjust the policy if your requirements differ. |
| Full Backup Policy | The interval, day of week, and start time for full backups. Full backup captures all data at a point in time — it takes longer and consumes more anti-ransomware capacity than incremental backup. We recommend that you set Interval period to 1 Week. |
| Incremental Backup Policy | The interval and start time for incremental backups. Incremental backup captures only data changed since the last full or incremental backup — it is faster and uses less capacity. We recommend that you set Interval period to 1 Day. |
| Backup Data Retention Period | How long backup data is retained. |
| Maximum Backup Network Bandwidth | The network bandwidth limit during backup. Set to 0 for unlimited bandwidth. |

After you create a policy, Security Center automatically backs up the most recently created ORACLE database instance, as well as all MSSQL instances and databases. To adjust the protection scope later, see Edit an anti-ransomware policy.
The full backup policy and incremental backup policy take effect at the same time and do not affect each other.
After the policy is created, Security Center automatically installs the anti-ransomware agent on your server. The policy enters the Initializing state. Once the agent installation completes, Security Center begins backing up the database according to the schedule.
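How the full backup interval, incremental backup interval and retention period interact at restore time can be worked through as a restore-chain calculation. This is an added example, not Security Center code: the function names, the sample dates and the purely age-based pruning rule are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def build_catalogue(first, days, full_every=7):
    """Constructed sample data: one backup per day, a full backup every
    `full_every` days (1 Week full / 1 Day incremental, as recommended)."""
    return [(first + timedelta(days=d), "full" if d % full_every == 0 else "incr")
            for d in range(days)]

def restore_chain(catalogue, target, now, retention_days):
    """Backups needed to restore the newest state at or before `target`.

    Assumption: a backup is deleted once it is older than `retention_days`
    at time `now`. An incremental is only usable together with the full
    backup it builds on, so the chain starts at the latest surviving full.
    """
    cutoff = now - timedelta(days=retention_days)
    usable = sorted(b for b in catalogue if cutoff <= b[0] <= target)
    fulls = [i for i, (_, kind) in enumerate(usable) if kind == "full"]
    if not fulls:
        return []  # only orphaned incrementals remain: nothing to restore
    return usable[fulls[-1]:]

def data_loss_window(chain, incident):
    """Time between the last restorable backup and the incident."""
    return incident - chain[-1][0] if chain else None

if __name__ == "__main__":
    catalogue = build_catalogue(datetime(2024, 1, 1, 2), 14)  # constructed dates
    incident = datetime(2024, 1, 11, 15)   # constructed time of encryption
    now = datetime(2024, 1, 13, 12)        # when the restore is attempted
    for retention in (7, 3):
        chain = restore_chain(catalogue, incident, now, retention)
        print(f"retention={retention}d chain={[k for _, k in chain]} "
              f"loss={data_loss_window(chain, incident)}")
```

With the constructed dates, a 7-day retention period yields a chain of one full and three incremental backups, while a 3-day period leaves only incrementals whose full backup has aged out.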
Monitor the anti-ransomware agent status after installation. An abnormal agent status prevents backup and recovery tasks from running. If the agent becomes abnormal — for example, after replacing the server's operating system — follow the steps in Configure anti-ransomware policies after the operating system of a server is replaced.
What's next
Run a precheck: Before the first backup starts, precheck the database specified in the policy to confirm it is reachable and the credentials are valid. See Precheck a database.
Monitor policy status: After the policy is active, monitor it regularly. If the status becomes abnormal, troubleshoot promptly. See Troubleshoot the issues causing the abnormal status of an anti-ransomware policy for a database and backup tasks.