Ransomware is one of the major threats to network security. If your servers or databases are infected with ransomware, your business data may be encrypted for ransom. This can cause severe risks, such as service interruptions, data leaks, and data loss. To defend against ransomware, Security Center provides the following features: anti-ransomware for servers and anti-ransomware for databases. You can use the features to protect your servers and databases from ransomware.
Background information
Security Center provides a hierarchical protection system against ransomware.
Block known ransomware in real time
Security Center blocks a large amount of known ransomware by using the threat intelligence library of Alibaba Cloud. Security Center blocks ransomware to avoid potential loss.
Important: After you install the Security Center agent on a server, the defense process of Security Center requires a specific period of time to take effect on the server. During this period of time, Security Center cannot block threats such as ransomware and DDoS trojans.
Capture and block unknown ransomware
Security Center sets up trap directories on your servers to capture potential ransomware attacks. To protect against unknown ransomware, Security Center immediately blocks viruses that perform unusual encryption operations and notifies you of the operations for further handling. You can turn on Anti-ransomware (Bait Capture) in the Security Center console. For more information, see Use proactive defense.
Note: If you find a suspicious directory on your server after the anti-ransomware feature is enabled, contact Alibaba Cloud for technical support to check whether the directory is a trap directory that is set up by Security Center. Trap directories do not affect your workloads and are not malicious. You cannot manually delete trap directories.
Feature differences
Anti-ransomware for servers and anti-ransomware for databases protect different types of data. If you want to protect database files, use anti-ransomware for databases. If you want to protect other files in the specified directories of your server, use anti-ransomware for servers. If you want to protect both database files and other files in the specified directories of your server, use anti-ransomware for databases together with anti-ransomware for servers. For more information about how to create anti-ransomware policies, see the following topics:
To protect database files on a server, use anti-ransomware for databases.
Supported regions
If you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, select the region in which the server is deployed. If an Elastic Compute Service (ECS) instance for which you want to create an anti-ransomware policy resides in a region in which the anti-ransomware feature is unavailable, the instance is not displayed in the asset list.
Feature | Area | Supported region |
Anti-ransomware for servers | Chinese mainland | |
Anti-ransomware for servers | Asia Pacific | Indonesia (Jakarta), Australia (Sydney), Japan (Tokyo), India (Mumbai), Malaysia (Kuala Lumpur), China (Hong Kong), Singapore, and Philippines (Manila) |
Anti-ransomware for servers | Europe and Americas | US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London) |
Anti-ransomware for servers | Middle East | SAU (Riyadh) |
Anti-ransomware for databases | Chinese mainland | |
Anti-ransomware for databases | Asia Pacific | China (Hong Kong) |
Resource requirements for the backup feature
The following table describes the resource requirements for backing up data of different volumes.
Backup data volume | CPU | Memory size |
100,000 files | Dual-core | 4 GB |
1 million files (up to 8 TB) | Dual-core | 8 GB |
10 million files | Quad-core | 16 GB |
Anti-ransomware for databases consumes a small amount of resources to back up data, whereas anti-ransomware for servers consumes a large amount. The backup process that anti-ransomware for servers runs consumes server resources, and the amount consumed varies based on the size and number of files. In most cases, your business is not affected. If you want to manage the server resources that are consumed to back up data, you can evaluate the backup speed and limit the maximum usage of server memory. For more information, see Backup speed and recovery speed and How do I resolve OOM issues on an HBR client?
Operating systems and versions supported by anti-ransomware for servers
Database versions and operating system versions supported by anti-ransomware for databases
Anti-ransomware endpoints
Alibaba Cloud public cloud
Region | Public endpoint | ECS internal endpoint |
China (Hangzhou) | https://hbr.cn-hangzhou.aliyuncs.com | https://hbr-vpc.cn-hangzhou.aliyuncs.com |
China (Shanghai) | https://hbr.cn-shanghai.aliyuncs.com | https://hbr-vpc.cn-shanghai.aliyuncs.com |
China (Qingdao) | https://hbr.cn-qingdao.aliyuncs.com | https://hbr-vpc.cn-qingdao.aliyuncs.com |
China (Beijing) | https://hbr.cn-beijing.aliyuncs.com | https://hbr-vpc.cn-beijing.aliyuncs.com |
China (Zhangjiakou) | https://hbr.cn-zhangjiakou.aliyuncs.com | https://hbr-vpc.cn-zhangjiakou.aliyuncs.com |
China (Hohhot) | https://hbr.cn-huhehaote.aliyuncs.com | https://hbr-vpc.cn-huhehaote.aliyuncs.com |
China (Shenzhen) | https://hbr.cn-shenzhen.aliyuncs.com | https://hbr-vpc.cn-shenzhen.aliyuncs.com |
China (Chengdu) | https://hbr.cn-chengdu.aliyuncs.com | https://hbr-vpc.cn-chengdu.aliyuncs.com |
China (Hong Kong) | https://hbr.cn-hongkong.aliyuncs.com | https://hbr-vpc.cn-hongkong.aliyuncs.com |
Singapore | https://hbr.ap-southeast-1.aliyuncs.com | https://hbr-internal.ap-southeast-1.aliyuncs.com |
Philippines (Manila) | https://hbr.ap-southeast-6.aliyuncs.com | https://hbr-vpc.ap-southeast-6.aliyuncs.com |
Australia (Sydney) | https://hbr.ap-southeast-2.aliyuncs.com | https://hbr-vpc.ap-southeast-2.aliyuncs.com |
Malaysia (Kuala Lumpur) | https://hbr.ap-southeast-3.aliyuncs.com | https://hbr.ap-southeast-3.aliyuncs.com |
Indonesia (Jakarta) | https://hbr.ap-southeast-5.aliyuncs.com | https://hbr-vpc.ap-southeast-5.aliyuncs.com |
Japan (Tokyo) | https://hbr.ap-northeast-1.aliyuncs.com | https://hbr.ap-northeast-1.aliyuncs.com |
India (Mumbai) | https://hbr.ap-south-1.aliyuncs.com | https://hbr-vpc.ap-south-1.aliyuncs.com |
Germany (Frankfurt) | https://hbr.eu-central-1.aliyuncs.com | https://hbr.eu-central-1.aliyuncs.com |
US (Silicon Valley) | https://hbr.us-west-1.aliyuncs.com | https://hbr.us-west-1.aliyuncs.com |
US (Virginia) | https://hbr.us-east-1.aliyuncs.com | https://hbr-vpc.us-east-1.aliyuncs.com |
UK (London) | https://hbr.eu-west-1.aliyuncs.com | https://hbr-vpc.eu-west-1.aliyuncs.com |
Alibaba Finance Cloud
Region | Public endpoint | ECS internal endpoint |
China East 2 Finance | https://hbr.cn-shanghai-finance-1.aliyuncs.com | https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com |
China South 1 Finance | https://hbr.cn-shenzhen-finance-1.aliyuncs.com | https://hbr-vpc.cn-shenzhen-finance-1.aliyuncs.com |
Use process
You can use the anti-ransomware feature to back up data on your servers or databases. If your business data is encrypted by ransomware, you can restore the encrypted files based on the backup data. This reduces the adverse impacts on your workloads.
Purchase a specific anti-ransomware capacity and complete the required authorization. For more information, see Enable anti-ransomware.
Select anti-ransomware for servers or anti-ransomware for databases based on the type of data that you want to protect. For more information, see Feature differences.
Create anti-ransomware policies for your servers or databases to back up your data. For more information, see Create anti-ransomware policies for servers and Create anti-ransomware policies for databases.
Create restoration tasks to restore data that is encrypted by ransomware. For more information, see Create restoration tasks for servers and Create restoration tasks for databases.