Create a restore job-Security Center(Security Center)-阿里云帮助中心

After server files are encrypted by ransomware, you can create a restore job to quickly recover backup data and minimize losses. Only same-account restoration is supported. This topic describes how to create a restore job, view restore job status, and manage backup data.

Prerequisites

The Security Center agent is running normally on the server. An icon appears in the Agent column on the Host page.
Before the ransomware attack, you have created an anti-ransomware policy for the server and the policy has completed at least one successful backup, ensuring that recoverable backup data exists.

Create a restore job

Log on to the Security Center console.
In the navigation pane on the left, select Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
On the Anti-ransomware for Servers tab, find the server for which you want to create a restore job in the policy list.
Note
Use the search box above the policy list to find the target server by policy name or server name.
Click to expand the drop-down list. Find the target server and click Restore in the Actions column.

In the Create Restoration Task panel, configure the following parameters, and then click OK.

Parameter	Description
Backup Version	Select the backup version to restore. All recoverable files in the selected version are displayed in the file list. You can select files as needed.
Files to Restore	Select the files to restore.
Destination Folder	Enter the destination path on the target server. The folder must exist and have write permissions. Otherwise, the restore job fails.
Target Server	Select the server to restore data to. You can select any protected server in the same account, not limited to the originally attacked server.

A Restoration task created. message appears. Log on to the target server and navigate to the destination folder to verify that the backup files are restored and accessible.

View restore jobs

Log on to the Security Center console.
In the navigation pane on the left, select Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
In the Overview of Anti-ransomware for Servers section, click the number under Restoring/Restoration Records to open the Restoration Task panel.
The panel displays the execution status, total number of restored files, and number of failed files for each restore job.

Troubleshoot restore job failures

If a restore job fails, check the failure reason and take the corresponding action.

Failure reason	Solution
Destination folder does not exist	Verify that the folder path on the target server is correct, and then create a new restore job.
Insufficient write permissions	Make sure the destination folder on the target server has write permissions.

Backup management

Check for recoverable backup data

Log on to the Security Center console.
In the navigation pane on the left, select Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland.
On the Anti-ransomware for Servers tab, click the number under Recoverable Data Versions above the policy list to open the Recoverable Data Versions panel.
Use the search box above the backup data list. Select the server region and enter the server name or IP address to query the backup version list for the target server.

Delete backup data

Warning

Deleted backup data cannot be recovered. Proceed with caution.
Storage capacity is released within 24 to 72 hours after deletion. Check back later.
The last version of recoverable data cannot be deleted. To delete it, uninstall the anti-ransomware client from the server first, and then remove the server from the policy.

If certain backup data is no longer needed, you can delete it to release the corresponding anti-ransomware storage capacity.

In the Overview of Anti-ransomware for Servers section, click the number under Recoverable Data Versions to open the Recoverable Data Versions panel.
Use the search box above the backup data list. Select the server region and enter the server name or IP address to find the target server.
In the backup version list, find the version to delete and click Delete in the Actions column.

FAQ

Can anti-ransomware backup data be downloaded?

Anti-ransomware backup data cannot be directly downloaded to your local computer. Backup data is stored in Security Center dedicated storage and is not available for download via file download, OSS links, or client download.