Enable and purchase the anti-ransomware service


The anti-ransomware service creates encrypted, isolated backups for servers and databases, enabling rapid recovery after a ransomware attack. Plan capacity, purchase storage, and complete authorization to get started.

Important

Anti-ransomware protects only self-managed databases on ECS instances. Managed databases such as ApsaraDB RDS are not supported.

Choose a billing method

Anti-ransomware is a value-added service purchased separately from the basic Security Center edition. Billing is based on purchased capacity (dedicated backup storage), not server count. Server and database anti-ransomware have independent capacity pools and billing.

| Billing method | Use cases | Benefits |
| --- | --- | --- |
| Subscription | Production environments with stable workloads requiring long-term backups. | Predictable costs. More cost-effective than pay-as-you-go for long-term use. |
| Pay-as-you-go | Elastic workloads, temporary testing, or short-term backup needs. | Pay only for what you use. No upfront commitment. |

Estimate required capacity

Plan capacity to ensure continuous protection without overspending.

  • Estimation method: Capacity depends on source data size, compression ratio, retention period, and change rate.

    • Initial backup: The first full backup typically uses 60%–80% of source data size after compression.

    • Subsequent backups: Incremental backups capture only changed data.

  • Recommended capacity formula: Recommended capacity = (Source data size × Compression ratio) + (Daily data increment × Retention days).

    Important

    Purchase slightly more than calculated to accommodate growth and fluctuations.

  • Estimation example:

    A web server has 20 GB of data, grows by 1 GB daily, and requires 7-day retention.

    Recommended capacity ≈ (20 GB × 70%) + (1 GB × 7 days) = 14 GB + 7 GB = 21 GB.
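
The following planning sketch is an added example, not code from the product. It applies the formula above to several assets drawing on one capacity pool and projects the first day on which usage would exceed purchased capacity, which the FAQ on this page says fails the backup and disables the policy. The asset inventory, the function names, and the release of increments after the retention period are assumptions.

```python
# Added example: capacity planning with the page's formula (not vendor code).

def steady_state_gb(source_gb, daily_gb, retention_days, compression_pct=70):
    """Recommended capacity = (source x compression ratio) + (daily increment x retention days)."""
    return source_gb * compression_pct / 100 + daily_gb * retention_days


def pool_requirement_gb(assets, compression_pct=70):
    """Sum the formula over every asset that draws on the same capacity pool."""
    return sum(
        steady_state_gb(a["source_gb"], a["daily_gb"], a["retention_days"], compression_pct)
        for a in assets
    )


def first_failing_day(assets, purchased_gb, compression_pct=70, horizon_days=365):
    """First day on which modelled usage exceeds purchased capacity, else None.

    Assumption: day 0 holds the compressed full backup, each later day adds one
    daily increment, and increments older than the retention period are released.
    """
    for day in range(horizon_days + 1):
        used = sum(
            a["source_gb"] * compression_pct / 100
            + a["daily_gb"] * min(day, a["retention_days"])
            for a in assets
        )
        if used > purchased_gb:
            return day
    return None


# Constructed inventory: the first entry is the page's web server example.
ASSETS = [
    {"name": "web-01", "source_gb": 20, "daily_gb": 1, "retention_days": 7},
    {"name": "db-01", "source_gb": 100, "daily_gb": 5, "retention_days": 14},
]

if __name__ == "__main__":
    for pct in (60, 70, 80):  # the page's 60%-80% range for the first full backup
        need = pool_requirement_gb(ASSETS, pct)
        print(f"compression {pct}%: need {need:.0f} GB, "
              f"160 GB pool fails on day {first_failing_day(ASSETS, 160, pct)}")
```

Running the projection at both ends of the 60%–80% range shows how much margin a purchase really has: a pool sized for 70% compression can run out within the retention window if the data compresses to only 80%.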

Purchase anti-ransomware capacity

Subscription

  1. Log on and go to the purchase page

    1. Navigate to the Security Center console > Protection Settings > Host Protection > Anti-ransomware page. At the top of the page, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

    2. Click Buy Now to go to the order page.

    Note

    Alternatively, you can log on with your Alibaba Cloud account and go to the Security Center purchase page. On the page, for Subscription, select Subscription. For more information, see Purchase Security Center.

  2. Configure Anti-ransomware capacity

    In the Anti-ransomware section, set Purchase or Not to Yes, and then select a Quantity (data backup capacity) based on your business requirements.

  3. Configure Managed Anti-ransomware (optional)

    Important

    The Managed Service for Anti-ransomware will no longer be available for new purchases starting November 30, 2025. Only existing users can renew their subscriptions. If a subscription expires due to a late renewal, it will be considered a new purchase and cannot be renewed or repurchased.

    To receive configuration guidance, policy inspection, and emergency response, enable the Managed Service for Anti-ransomware. Configure as follows:

    1. Enable the service: Set the Managed Anti-ransomware option to Yes.

    2. Complete authorization: Click Create Service-linked Role. The system creates the AliyunServiceRoleForAntiRansomwareMssp role, granting minimum permissions to access your cloud resources.

      Note

      This step applies only to users who purchased the managed service.

      For more information, see Managed Service for Anti-ransomware.

  4. Click Buy Now and complete the payment.

Note

For purchase parameters, see Managed Service for Anti-ransomware and Purchase Security Center.

Pay-as-you-go

  1. Log on to the console

    Navigate to the Security Center console > Protection Settings > Host Protection > Anti-ransomware page. At the top of the page, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

  2. Enable pay-as-you-go

    In the confirmation dialog box, click Activate Pay-as-you-go.

    Important

    If you select Set Recommended Policy, a policy is automatically created for regular backups of critical file paths on your servers. You can modify this policy on the anti-ransomware page. For more information, see Modify server anti-ransomware policies and Modify database anti-ransomware policies.

  3. Click Buy Now to complete the activation.

Complete service authorization

Grant the service permission to access your ECS instances for backup and recovery. Authorization is required when you first enable the service and when you add assets in a new region.

  • Initial service authorization

    The system guides you through a one-time authorization when you first purchase or enable the service.

    • Procedure: On the anti-ransomware service page, click the Authorize Now button as prompted.

    • System behavior: Creates all required service-linked roles and grants necessary permissions.

  • Grant permissions for new regions

    Since December 20, 2024, anti-ransomware supports ECS instances in China (Ulanqab) and China (Heyuan). These regions require additional permissions.

    Important

    Without this authorization, anti-ransomware is unavailable for servers in these regions.

    • Procedure: Complete the authorization process on the console again. The system adds any missing permissions.

    • System behavior: Creates the AliyunServiceRoleForHbrMagpieBridge service-linked role with minimum required permissions.

  • Role details

    | Service-linked role | Associated service | Description |
    | --- | --- | --- |
    | AliyunServiceRoleForSas | Security Center | Grants basic permissions for anti-ransomware to work with Security Center. |
    | AliyunServiceRoleForHbrMagpieBridge | Cloud Backup | Performs backup and recovery operations for ransomware protection. |
    | AliyunServiceRoleForAntiRansomwareMssp | Managed Service for Anti-ransomware | Authorizes managed service experts to monitor backup tasks and troubleshoot issues. |

    Note

    • The AliyunServiceRoleForAntiRansomwareMssp role is required only for users who have purchased the Managed Service for Anti-ransomware.

    • The Managed Service for Anti-ransomware will no longer be available for new purchases starting November 30, 2025. Only existing users can renew their subscriptions. If a subscription expires due to a late renewal, it will be considered a new purchase and cannot be renewed or repurchased.

Note

For more information, see Service-linked roles for Security Center.
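
To confirm that authorization left the account with the roles listed above and nothing extra, the following added example (not code from the product) audits a role listing offline. It assumes the input is JSON in the shape returned by RAM ListRoles, for example from `aliyun ram ListRoles`; the sample listing is constructed and the function name is hypothetical.

```python
import json

# Role names are taken from the page's "Role details" table.
REQUIRED_ROLES = ("AliyunServiceRoleForSas", "AliyunServiceRoleForHbrMagpieBridge")
MANAGED_ROLE = "AliyunServiceRoleForAntiRansomwareMssp"


def audit_roles(list_roles_json, managed_service_purchased):
    """Return sorted (status, role_name) findings; an empty list means the roles match."""
    doc = json.loads(list_roles_json)
    if doc.get("IsTruncated"):
        # A partial page cannot prove a role is absent; fetch the remaining pages first.
        raise ValueError("ListRoles output is truncated; paginate before auditing")
    present = {r["RoleName"].lower() for r in doc.get("Roles", {}).get("Role", [])}

    findings = [("missing", n) for n in REQUIRED_ROLES if n.lower() not in present]
    has_managed = MANAGED_ROLE.lower() in present
    if managed_service_purchased and not has_managed:
        findings.append(("missing", MANAGED_ROLE))
    if has_managed and not managed_service_purchased:
        # The page says this role is needed only with the managed service.
        findings.append(("review", MANAGED_ROLE))
    return sorted(findings)


# Constructed sample shaped like RAM ListRoles output (account ID is a placeholder).
SAMPLE = json.dumps({
    "IsTruncated": False,
    "Roles": {"Role": [
        {"RoleName": "AliyunServiceRoleForSas",
         "Arn": "acs:ram::<account-id>:role/aliyunserviceroleforsas"},
        {"RoleName": "AliyunServiceRoleForAntiRansomwareMssp",
         "Arn": "acs:ram::<account-id>:role/aliyunserviceroleforantiransomwaremssp"},
    ]},
})

if __name__ == "__main__":
    for status, role in audit_roles(SAMPLE, managed_service_purchased=False):
        print(f"{status}: {role}")
```

A "missing" finding means authorization should be completed again on the console; a "review" finding marks the managed-service role present in an account that has not purchased that service.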

Configure a protection policy

After purchasing capacity, create and enable a protection policy. Backups begin only after a task runs successfully.

  1. Create a protection policy: Define protected assets, backup content (directories or database instances), and schedule (frequency and retention).

  2. Verify backup status: After the policy is created and runs, go to the Anti-ransomware page and click the Backup Tasks tab to confirm that the backup tasks are successful.

FAQ

Capacity and billing

  • Is the purchased capacity shared by all servers?

    Yes. Capacity in a region is shared across all protected assets (servers and databases).

  • What happens if I run out of capacity during a backup?

    The backup task fails and the policy is automatically disabled. Security Center notifies you via internal messages or SMS. Resume backups by increasing capacity or freeing space.

  • How do I free up capacity by deleting backup data?

    On the Anti-ransomware page, click Release next to Capacity Used by Servers. You can free up space in the following ways:

  • Do the Advanced and Enterprise editions of Security Center include free anti-ransomware capacity?

    No. Anti-ransomware is a separately purchased value-added service, regardless of your Security Center edition.

Troubleshooting and recovery

  • What should I do if the anti-ransomware client status is "Abnormal" or "Offline" after a server is infected, preventing data recovery?

    This occurs when ransomware damages the OS or security software, preventing the client from functioning.

    Recommended recovery process (best practice):

    1. Restore the system by using a snapshot: Use the most recent ECS snapshot to roll back the server. This restores the OS, runtime environment, and anti-ransomware client to a working state.

    2. Restore data by using the anti-ransomware service: After system restoration, use anti-ransomware backups to restore business files from the most recent backup version, which may be more up-to-date than the snapshot.

  • Why was my server infected even though I enabled the anti-ransomware service?

    • Incorrect configuration: The protection policy was not created correctly, or the server was not added to the policy. Create or fix the policy immediately.

    • Client is offline: The anti-ransomware client is damaged or offline. For solutions, see Troubleshoot anti-ransomware exceptions.

    • Host Protection service not purchased: Without Host Protection, the service lacks proactive defense and cannot protect against ransomware before or during an attack. For more information, see Host Protection settings.

  • Why does the console show unprotected database instances when I have not purchased database anti-ransomware?

    Security Center automatically scans ECS instances for database processes. Without a purchased and configured database anti-ransomware policy, these instances appear as unprotected.

    Recommended actions:

    • Click Scan Now on the anti-ransomware page or check the instance details to identify the specific servers.

    • Ignore these if they are false positives or assets that do not require protection.

    • If you need protection, ensure that the anti-ransomware client is installed and running on the corresponding ECS instance, then create a database anti-ransomware protection policy.