To prevent data encryption, leakage, or loss from ransomware attacks on your servers and databases, Security Center provides a defense-in-depth system featuring pre-attack interception, during-attack trapping, and post-attack recovery. Anti-ransomware (data backup) is the last line of defense. Integrated with Cloud Backup, it lets you quickly restore core data from historical backups, minimizing business disruption and data loss.
Core features
The Anti-ransomware feature provides data backup through two protection modes based on asset type: Anti-ransomware for servers and Anti-ransomware for databases.
Aspect | Anti-ransomware for Servers | Anti-ransomware for Databases |
Protected assets | Business files and directories on a server. Important: Do not use Anti-ransomware for Servers to back up database files. This mode cannot guarantee data consistency for databases. | Self-managed databases on servers, such as MySQL, Oracle, or SQL Server on an ECS instance. |
How it works | Periodically backs up specified critical files and directories. | Uses native database APIs to back up data, ensuring application-level consistency. |
Key benefits | Protects unstructured data, such as critical business files, applications, and configuration files. | Provides reliable, consistent backup and recovery for self-managed databases, a best practice for protecting core transactional data. |
Limitations | Does not protect mounted paths, such as OSS or NAS directories mounted to an ECS instance. |
|
Workflow
The Anti-ransomware (data backup) workflow includes the following four stages:
Enable and authorize
Purchase anti-ransomware capacity and authorize the service. The system automatically enables the associated Cloud Backup service. For detailed instructions, see Enable and purchase the service.
Note: Your purchased Anti-ransomware capacity includes the activation and storage costs for the Cloud Backup service. No extra fees apply.
Configure protection policy
Create a protection policy for the target servers or databases based on your business scenario, and set the backup schedule and scope. For detailed instructions, see Create an anti-ransomware policy.
Note:
Alibaba Cloud ECS instances: The system automatically detects your instances' region and displays only servers within a supported region.
Servers outside Alibaba Cloud (e.g., in data centers or from other cloud providers): When you configure a protection policy, you must manually select the server's actual region.
Automatic backups
After you configure the protection policy, the Anti-ransomware client automatically and securely transfers data to the Cloud Backup service.
Note: The backup process consumes a small amount of server resources.
Emergency restore
To recover from a ransomware attack, create a restore job from the most recent backup to quickly restore your encrypted data. For detailed instructions, see Create a server restore job and Create a database restore job.
Limitations
General limitations
Region availability: The service is not available in all regions. For a list of supported regions, see Supported regions.
Backup and recovery: The service cannot decrypt files that ransomware has encrypted.
Anti-ransomware for Databases limitations
Cloud database services: The service does not support managed cloud databases, such as RDS and PolarDB.
Network environment: The service does not support ECS instances in a Classic Network.
Anti-ransomware for Servers limitations
Deployment environment: The service does not directly support protecting directories in a container. To protect them, you must first map the container directories to the host server.
Operating system: The service only supports specific operating system versions. For a list of supported versions, see Supported operating systems (Anti-ransomware for servers).
Resource consumption and planning
Resource consumption overview
Anti-ransomware for databases: Resource consumption is negligible.
Anti-ransomware for servers: The backup process consumes some CPU and memory. The amount consumed depends on the number and size of files but typically does not affect production workloads.
Minimum configuration recommendations
Source data | CPU | Memory |
100,000 files | 2-core | 4 GB |
1 million files, 8 TB total | 2-core | 8 GB |
10 million files | 4-core | 16 GB |
Resource optimization: To control resource consumption during backup tasks, you can use the following options.
Adjust backup speed: Balance backup speed with resource consumption. For more information, see Backup and restoration speeds.
Limit memory usage: Set a memory limit for the backup client to prevent an out-of-memory (OOM) issue. For detailed instructions, see How to resolve OOM issues for the backup client.
Billing
Your cost is based on the anti-ransomware capacity you purchase, which is determined by the volume of data you back up and your chosen retention period, not the number of servers.
This capacity includes the costs for the Cloud Backup service and associated storage. No additional charges apply.
If you mistakenly add a network path, such as a NAS or OSS directory, to a protection policy, you may incur additional fees for origin access. Proceed with caution. For more information, see Protect network paths (such as OSS/NAS).
Recommendations
Build a multi-layered recovery system
Recommendation: For core business servers, configure both ECS Snapshot and Anti-ransomware (data backup).
Explanation: Ransomware can corrupt a server's operating system, which can damage or disable the anti-ransomware client and prevent data restoration. In this extreme scenario, the best recovery path is:
Restore the system with a snapshot: Immediately use the most recent ECS Snapshot to roll back the server. This restores the server's operating system and runtime environment to a healthy state and brings the anti-ransomware client back online.
Restore data with the anti-ransomware service: After the system is restored, use the Anti-ransomware (data backup) feature to restore your core business files from the most recent backup version, which may be newer than the snapshot.
Avoid backup tool conflicts
Recommendation: Do not run this product concurrently with other backup tools, such as third-party software or custom scripts.
Explanation: Concurrent operations can cause file read/write conflicts, which often lead to backup failures or data corruption.
Protect network paths (such as OSS/NAS)
Recommendation: Do not add mounted network paths, such as server-mounted OSS or NAS directories, to an anti-ransomware protection policy.
Explanation: Backing up these paths involves frequent access to the source service (OSS/NAS), which can incur high additional fees for traffic or requests. For these scenarios, use the relevant Cloud Backup features directly. For detailed instructions, see Getting Started with OSS Backup and Getting Started with On-premises NAS Backup.
Use dedicated protection for database files
Recommendation: Use the Anti-ransomware for Databases feature to protect database files on your server, such as .mdf and .ibd.
Explanation: Directly backing up database files cannot guarantee data consistency or recoverability. The Anti-ransomware for Databases feature uses native database APIs to ensure application-consistent, valid backups.
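The two recommendations above (keep mounted OSS/NAS paths and database files out of a server protection policy) can be checked before a directory is added to a policy. The following is an added example, not part of the product or its documentation: it reviews candidate directories against /proc/mounts-format text and a file listing. The sample mounts and files are constructed, and treating `fuse.ossfs` as the filesystem type of an ossfs mount is an assumption.

```python
import posixpath

# Filesystem types treated as network mounts. nfs/nfs4/cifs are standard Linux
# types; "fuse.ossfs" is an assumption about how an ossfs (OSS) mount is listed.
NETWORK_FS = {"nfs", "nfs4", "cifs", "fuse.ossfs"}
# Database file extensions named on this page.
DB_EXTENSIONS = (".mdf", ".ibd")

# Constructed sample in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime 0 0
/dev/vdb1 /data ext4 rw,relatime 0 0
192.0.2.10:/share /data/nas nfs4 rw,relatime 0 0
ossfs /mnt/oss fuse.ossfs rw,nosuid,nodev 0 0
"""
# Constructed file listing; on a real host build it with os.walk().
SAMPLE_FILES = [
    "/data/app/config.yaml",
    "/data/mysql/shop/orders.ibd",
    "/srv/www/index.html",
]


def parse_mounts(text):
    """Parse /proc/mounts-format text into (mount_point, fstype) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in mount points as \040
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts


def is_under(path, parent):
    """True if path equals parent or lies below it (component-wise)."""
    parent = parent.rstrip("/") or "/"
    return parent == "/" or path == parent or path.startswith(parent + "/")


def owning_mount(path, mounts):
    """Return the (mount_point, fstype) whose mount point is the longest prefix."""
    path = posixpath.normpath(path)
    best = None
    for mp, fstype in mounts:
        # ">=" lets a later mount on the same mount point win (over-mounting).
        if is_under(path, mp) and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype)
    return best


def review_policy_paths(candidates, mounts, files):
    """Return {candidate: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for raw in candidates:
        path = posixpath.normpath(raw)
        findings = []
        owner = owning_mount(path, mounts)
        if owner and owner[1] in NETWORK_FS:
            findings.append(f"on network mount {owner[0]} ({owner[1]})")
        # A network share mounted below the directory would be traversed too.
        for mp, fstype in mounts:
            if fstype in NETWORK_FS and mp != path and is_under(mp, path):
                findings.append(f"contains network mount {mp} ({fstype})")
        db = [f for f in files
              if is_under(f, path) and f.lower().endswith(DB_EXTENSIONS)]
        if db:
            findings.append(f"contains {len(db)} database file(s)")
        report[raw] = findings
    return report


if __name__ == "__main__":
    result = review_policy_paths(
        ["/srv/www", "/data", "/mnt/oss/reports"],
        parse_mounts(SAMPLE_MOUNTS), SAMPLE_FILES)
    for candidate, findings in result.items():
        print(candidate, "->", findings or "ok")
```

A directory with findings should be split into narrower paths, or handled with Cloud Backup's OSS/NAS features or Anti-ransomware for Databases, as recommended above.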
Configure container protection
Recommendation: To protect a directory within a container, map it to the host.
Explanation:
The Anti-ransomware (data backup) feature works by protecting host directories. Therefore, it cannot directly back up unmapped databases or files within a container.
Use the -v parameter of the docker run command to link a host directory to a container directory.
Command format:
docker run -v <host-directory>:<container-directory> <image-name>
Example:
Map the /app/data directory within the container to the /home/user/data directory on the host:
docker run -v /home/user/data:/app/data your-image-name
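To find out which container data directories are already mapped to the host, and which host path to put in the protection policy, the mount list from `docker inspect` can be resolved by longest-prefix match. This is an added example, not code from the product. The inspect output below is a constructed sample trimmed to the `Name` and `Mounts` fields, the container name and paths are hypothetical, and treating only bind mounts (the `-v <host-directory>:<container-directory>` form shown above) as mapped is an assumption of this example.

```python
import json
import posixpath

# Constructed sample of `docker inspect` output (hypothetical container).
SAMPLE_INSPECT = """
[{"Name": "/shop-api",
  "Mounts": [
    {"Type": "bind", "Source": "/home/user/data",
     "Destination": "/app/data", "RW": true},
    {"Type": "volume", "Name": "cache",
     "Source": "/var/lib/docker/volumes/cache/_data",
     "Destination": "/app/cache", "RW": true}
  ]}]
"""
# Hypothetical container paths that hold business data.
SAMPLE_WANTED = {"shop-api": ["/app/data/uploads", "/app/cache", "/app/logs"]}


def resolve_host_path(container_path, mounts):
    """Map a container path to (mount_type, host_path).

    Uses the mount whose Destination is the longest prefix of the path.
    Returns None when no mount covers the path, meaning the data lives in
    the container's writable layer and has no stable host directory.
    """
    path = posixpath.normpath(container_path)
    best = None
    for m in mounts:
        dest = posixpath.normpath(m["Destination"])
        if path == dest or path.startswith(dest.rstrip("/") + "/"):
            if best is None or len(dest) > len(best[0]):
                best = (dest, m)
    if best is None:
        return None
    dest, m = best
    if not m.get("Source"):
        return (m["Type"], None)  # no host-side directory behind this mount
    rel = posixpath.relpath(path, dest)
    host = m["Source"] if rel == "." else posixpath.join(m["Source"], rel)
    return (m["Type"], host)


def plan_container_protection(inspect_json, wanted):
    """Split wanted container paths into host policy paths and unmapped ones.

    wanted: {container_name: [container paths]}.
    Only bind mounts count as mapped; named volumes and uncovered paths are
    listed in "not_host_mapped" with the reason, for the operator to review.
    """
    plan = {"policy_paths": [], "not_host_mapped": []}
    for container in json.loads(inspect_json):
        name = container["Name"].lstrip("/")
        mounts = container.get("Mounts") or []
        for cpath in wanted.get(name, []):
            hit = resolve_host_path(cpath, mounts)
            if hit and hit[0] == "bind" and hit[1]:
                plan["policy_paths"].append(hit[1])
            else:
                reason = "no mount" if hit is None else f"{hit[0]} mount"
                plan["not_host_mapped"].append((name, cpath, reason))
    plan["policy_paths"] = sorted(set(plan["policy_paths"]))
    return plan


if __name__ == "__main__":
    plan = plan_container_protection(SAMPLE_INSPECT, SAMPLE_WANTED)
    print("add to protection policy:", plan["policy_paths"])
    for name, cpath, reason in plan["not_host_mapped"]:
        print(f"{name}:{cpath} is not mapped to a host directory ({reason})")
```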
Get expert support
Recommendation: If your company lacks security operations staff and requires professional support for ransomware protection, consider purchasing the Managed Anti-Ransomware Service.
Explanation: Anti-ransomware experts can assist with ransomware risk prevention and protection configuration. For more information, see Managed Anti-Ransomware Service.
Appendix
Supported regions
Feature | Area | Supported regions |
anti-ransomware for servers | Chinese mainland |
|
Asia Pacific | Indonesia (Jakarta), Japan (Tokyo), Malaysia (Kuala Lumpur), China (Hong Kong), Singapore, Philippines (Manila) | |
Europe & Americas | US (Silicon Valley), US (Virginia), Germany (Frankfurt), UK (London) | |
Middle East | SAU (Riyadh - Partner Region) | |
anti-ransomware for databases | Chinese mainland |
|
Asia Pacific | China (Hong Kong), Singapore |
Supported operating systems (Anti-ransomware for Servers)
The Anti-ransomware for Servers feature lets you install the anti-ransomware client only on the operating systems listed in the following table.
System | Supported version |
Windows | 7, 8, 10, and 11 |
Windows Server | 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, and 2025 |
RHEL | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2 |
CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
Ubuntu | 14.04, 16.04, 18.04, and 20.04 |
SUSE Linux Enterprise Server | 11, 12, and 15 |
Rocky Linux | 8.7 |
Supported databases and operating systems (Anti-ransomware for Databases)
The Anti-ransomware for Databases feature allows you to install the anti-ransomware client only on the databases and operating systems listed in the following table.
Database type | Supported database version | Supported operating system version |
Oracle | 9i |
|
10g |
| |
11g |
| |
12c |
| |
18c |
| |
19c | Oracle Enterprise Linux 7.0 | |
Oracle RAC | 9i | SUSE 9.3, RHEL |
10g | Windows 2008 R2 | |
11g |
| |
12c |
| |
18c | Windows 2008 R2 | |
19c | RHEL 7.6 | |
Oracle Data Guard | 11g |
|
12c | Oracle Enterprise Linux 6 | |
MySQL | 5.0 |
|
5.1 |
| |
5.4 |
| |
5.5 |
| |
5.6 |
| |
5.7 |
| |
8.0 to 8.0.32 |
| |
SQL Server | 2005 | Windows 2008 R2 SP1 |
2008 | Windows 2008 R2, Windows 2008 R2 SP1 | |
2008 R2 | Windows 2008 R2 | |
2012 | Windows 2012 RC | |
2014 | Windows 2008 R2 SP1, Windows 2016 | |
2016 (RTM) | Windows 2012 R2 | |
2017 | Windows 2012, Windows 2016 | |
2019 | Windows 2016 | |
SQL Server Always On | 2012, 2016, and 2017 | Windows 2012 R2 |
Network endpoint
Endpoint types
Management plane: Relays control signals between the anti-ransomware client and the Cloud Backup service.
Data plane: Transfers backup data.
Alibaba Cloud servers
Protection policy v2.0 endpoints
Region | Type | Public endpoint | VPC endpoint domain name |
China (Hangzhou) | Management plane | post-cn-mp90rcien05.mqtt.aliyuncs.com | post-cn-mp90rcien05-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-hangzhou.aliyuncs.com | *.oss-cn-hangzhou-internal.aliyuncs.com | |
China (Shanghai) | Management plane | post-cn-4590rcihm02.mqtt.aliyuncs.com | post-cn-4590rcihm02-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-shanghai.aliyuncs.com | *.oss-cn-shanghai-internal.aliyuncs.com | |
China (Qingdao) | Management plane | post-cn-n6w1oj5j506.mqtt.aliyuncs.com | post-cn-n6w1oj5j506-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-cn-qingdao.aliyuncs.com | *.oss-cn-qingdao-internal.aliyuncs.com | |
China (Beijing) | Management plane | post-cn-mp90rcibd04.mqtt.aliyuncs.com | post-cn-mp90rcibd04-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-beijing.aliyuncs.com | *.oss-cn-beijing-internal.aliyuncs.com | |
China (Zhangjiakou) | Management plane | post-cn-45917akja09.mqtt.aliyuncs.com | post-cn-45917akja09-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-zhangjiakou.aliyuncs.com | *.oss-cn-zhangjiakou-internal.aliyuncs.com | |
China (Hohhot) | Management plane | post-cn-0pp1epkb50h.mqtt.aliyuncs.com | post-cn-0pp1epkb50h-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-huhehaote.aliyuncs.com | *.oss-cn-huhehaote-internal.aliyuncs.com | |
China (Shenzhen) | Management plane | post-cn-v0h0rcijv04.mqtt.aliyuncs.com | post-cn-v0h0rcijv04-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-shenzhen.aliyuncs.com | *.oss-cn-shenzhen-internal.aliyuncs.com | |
China (Chengdu) | Management plane | post-cn-st21piid30e.mqtt.aliyuncs.com | post-cn-st21piid30e-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-cn-chengdu.aliyuncs.com | *.oss-cn-chengdu-internal.aliyuncs.com | |
China (Hong Kong) | Management plane | mqtt-cn-v0h1cmss401.mqtt.aliyuncs.com | mqtt-cn-v0h1cmss401-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-hongkong.aliyuncs.com | *.oss-cn-hongkong-internal.aliyuncs.com | |
Singapore | Management plane | post-cn-4590unarx01.mqtt.aliyuncs.com | post-cn-4590unarx01-internal.mqtt.aliyuncs.com |
Data plane | *.oss-ap-southeast-1.aliyuncs.com | *.oss-ap-southeast-1-internal.aliyuncs.com | |
Malaysia (Kuala Lumpur) | Management plane | mqtt-cn-v0h1k5d7707.mqtt.aliyuncs.com | mqtt-cn-v0h1k5d7707-internal.mqtt.aliyuncs.com |
Data plane | *.oss-ap-southeast-3.aliyuncs.com | *.oss-ap-southeast-3-internal.aliyuncs.com | |
Indonesia (Jakarta) | Management plane | post-cn-4591ee94i03.mqtt.aliyuncs.com | post-cn-4591ee94i03-internal.mqtt.aliyuncs.com |
Data plane | *.oss-ap-southeast-5.aliyuncs.com | *.oss-ap-southeast-5-internal.aliyuncs.com | |
Japan (Tokyo) | Management plane | post-cn-mp91kij0p01.mqtt.aliyuncs.com | post-cn-mp91kij0p01-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-ap-northeast-1.aliyuncs.com | *.oss-ap-northeast-1-internal.aliyuncs.com | |
Germany (Frankfurt) | Management plane | post-cn-mp91ki6sl0k.mqtt.aliyuncs.com | post-cn-mp91ki6sl0k-internal.mqtt.aliyuncs.com |
Data plane | *.oss-eu-central-1.aliyuncs.com | *.oss-eu-central-1-internal.aliyuncs.com | |
US (Silicon Valley) | Management plane | mqtt-cn-mp91j6gou03.mqtt.aliyuncs.com | mqtt-cn-mp91j6gou03-internal.mqtt.aliyuncs.com |
Data plane | *.oss-us-west-1.aliyuncs.com | *.oss-us-west-1-internal.aliyuncs.com | |
US (Virginia) | Management plane | post-cn-oew1qqlw309.mqtt.aliyuncs.com | post-cn-oew1qqlw309-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-us-east-1.aliyuncs.com | *.oss-us-east-1-internal.aliyuncs.com | |
UAE (Dubai) | Management plane | post-cn-oew1tb52204.mqtt.aliyuncs.com | post-cn-oew1tb52204-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-me-east-1.aliyuncs.com | *.oss-me-east-1-internal.aliyuncs.com | |
SAU (Riyadh - Partner Region) | Management plane | mqtt-cn-7pp2urf8g04.mqtt.aliyuncs.com | mqtt-cn-7pp2urf8g04-internal-vpc.mqtt.aliyuncs.com |
Data plane | *.oss-me-central-1.aliyuncs.com | *.oss-me-central-1-internal.aliyuncs.com | |
Shanghai Finance Cloud | Management plane | post-cn-nif1osdrt09.mqtt.aliyuncs.com | post-cn-nif1osdrt09-internal.mqtt.aliyuncs.com |
Data plane | None | *.oss-cn-shanghai-finance-1-internal.aliyuncs.com | |
Shenzhen Finance Cloud | Management plane | post-cn-n6w1pij7y0b.mqtt.aliyuncs.com | post-cn-n6w1pij7y0b-internal.mqtt.aliyuncs.com |
Data plane | None | *.oss-cn-shenzhen-finance-1-internal.aliyuncs.com | |
China (Beijing) Gov | Management plane | post-cn-v0h1cmsrj01.mqtt.aliyuncs.com | post-cn-v0h1cmsrj01-internal.mqtt.aliyuncs.com |
Data plane | *.oss-cn-north-2-gov-1.aliyuncs.com | *.oss-cn-north-2-gov-1-internal.aliyuncs.com |
Protection policy v1.0 endpoints
Region | Type | Public endpoint | VPC Access Point Domain Name |
China (Hangzhou) | Management plane | post-cn-mp90rcien05.mqtt.aliyuncs.com | post-cn-mp90rcien05-internal.mqtt.aliyuncs.com |
hbr.cn-hangzhou.aliyuncs.com | hbr-vpc.cn-hangzhou.aliyuncs.com | ||
Data plane | *.oss-cn-hangzhou.aliyuncs.com | *.oss-cn-hangzhou-internal.aliyuncs.com | |
China (Shanghai) | Management plane | post-cn-4590rcihm02.mqtt.aliyuncs.com | post-cn-4590rcihm02-internal.mqtt.aliyuncs.com |
hbr.cn-shanghai.aliyuncs.com | hbr-vpc.cn-shanghai.aliyuncs.com | ||
Data plane | *.oss-cn-shanghai.aliyuncs.com | *.oss-cn-shanghai-internal.aliyuncs.com | |
China (Qingdao) | Management plane | post-cn-n6w1oj5j506.mqtt.aliyuncs.com | post-cn-n6w1oj5j506-internal-vpc.mqtt.aliyuncs.com |
hbr.cn-qingdao.aliyuncs.com | hbr-vpc.cn-qingdao.aliyuncs.com | ||
Data plane | *.oss-cn-qingdao.aliyuncs.com | *.oss-cn-qingdao-internal.aliyuncs.com | |
China (Beijing) | Management plane | post-cn-mp90rcibd04.mqtt.aliyuncs.com | post-cn-mp90rcibd04-internal.mqtt.aliyuncs.com |
hbr.cn-beijing.aliyuncs.com | hbr-vpc.cn-beijing.aliyuncs.com | ||
Data plane | *.oss-cn-beijing.aliyuncs.com | *.oss-cn-beijing-internal.aliyuncs.com | |
China (Zhangjiakou) | Management plane | post-cn-45917akja09.mqtt.aliyuncs.com | post-cn-45917akja09-internal.mqtt.aliyuncs.com |
hbr.cn-zhangjiakou.aliyuncs.com | hbr-vpc.cn-zhangjiakou.aliyuncs.com | ||
Data plane | *.oss-cn-zhangjiakou.aliyuncs.com | *.oss-cn-zhangjiakou-internal.aliyuncs.com | |
China (Hohhot) | Management plane | post-cn-0pp1epkb50h.mqtt.aliyuncs.com | post-cn-0pp1epkb50h-internal.mqtt.aliyuncs.com |
hbr.cn-huhehaote.aliyuncs.com | hbr-vpc.cn-huhehaote.aliyuncs.com | ||
Data plane | *.oss-cn-huhehaote.aliyuncs.com | *.oss-cn-huhehaote-internal.aliyuncs.com | |
China (Shenzhen) | Management plane | post-cn-v0h0rcijv04.mqtt.aliyuncs.com | post-cn-v0h0rcijv04-internal.mqtt.aliyuncs.com |
hbr.cn-shenzhen.aliyuncs.com | hbr-vpc.cn-shenzhen.aliyuncs.com | ||
Data plane | *.oss-cn-shenzhen.aliyuncs.com | *.oss-cn-shenzhen-internal.aliyuncs.com | |
China (Chengdu) | Management plane | post-cn-st21piid30e.mqtt.aliyuncs.com | post-cn-st21piid30e-internal-vpc.mqtt.aliyuncs.com |
hbr.cn-chengdu.aliyuncs.com | hbr-vpc.cn-chengdu.aliyuncs.com | ||
Data plane | *.oss-cn-chengdu.aliyuncs.com | *.oss-cn-chengdu-internal.aliyuncs.com | |
China (Hong Kong) | Management plane | mqtt-cn-v0h1cmss401.mqtt.aliyuncs.com | mqtt-cn-v0h1cmss401-internal.mqtt.aliyuncs.com |
hbr.cn-hongkong.aliyuncs.com | hbr-vpc.cn-hongkong.aliyuncs.com | ||
Data plane | *.oss-cn-hongkong.aliyuncs.com | *.oss-cn-hongkong-internal.aliyuncs.com | |
Singapore | Management plane | post-cn-4590unarx01.mqtt.aliyuncs.com | post-cn-4590unarx01-internal.mqtt.aliyuncs.com |
hbr.ap-southeast-1.aliyuncs.com | hbr-internal.ap-southeast-1.aliyuncs.com | ||
Data plane | *.oss-ap-southeast-1.aliyuncs.com | *.oss-ap-southeast-1-internal.aliyuncs.com | |
Malaysia (Kuala Lumpur) | Management plane | mqtt-cn-v0h1k5d7707.mqtt.aliyuncs.com | mqtt-cn-v0h1k5d7707-internal.mqtt.aliyuncs.com |
hbr.ap-southeast-3.aliyuncs.com | hbr.ap-southeast-3.aliyuncs.com | ||
Data plane | *.oss-ap-southeast-3.aliyuncs.com | *.oss-ap-southeast-3-internal.aliyuncs.com | |
Indonesia (Jakarta) | Management plane | post-cn-4591ee94i03.mqtt.aliyuncs.com | post-cn-4591ee94i03-internal.mqtt.aliyuncs.com |
hbr.ap-southeast-5.aliyuncs.com | hbr-vpc.ap-southeast-5.aliyuncs.com | ||
Data plane | *.oss-ap-southeast-5.aliyuncs.com | *.oss-ap-southeast-5-internal.aliyuncs.com | |
Japan (Tokyo) | Management plane | post-cn-mp91kij0p01.mqtt.aliyuncs.com | post-cn-mp91kij0p01-internal-vpc.mqtt.aliyuncs.com |
hbr.ap-northeast-1.aliyuncs.com | hbr.ap-northeast-1.aliyuncs.com | ||
Data plane | *.oss-ap-northeast-1.aliyuncs.com | *.oss-ap-northeast-1-internal.aliyuncs.com | |
Germany (Frankfurt) | Management plane | post-cn-mp91ki6sl0k.mqtt.aliyuncs.com | post-cn-mp91ki6sl0k-internal.mqtt.aliyuncs.com |
hbr.eu-central-1.aliyuncs.com | hbr.eu-central-1.aliyuncs.com | ||
Data plane | *.oss-eu-central-1.aliyuncs.com | *.oss-eu-central-1-internal.aliyuncs.com | |
US (Silicon Valley) | Management plane | mqtt-cn-mp91j6gou03.mqtt.aliyuncs.com | mqtt-cn-mp91j6gou03-internal.mqtt.aliyuncs.com |
hbr.us-west-1.aliyuncs.com | hbr.us-west-1.aliyuncs.com | ||
Data plane | *.oss-us-west-1.aliyuncs.com | *.oss-us-west-1-internal.aliyuncs.com | |
US (Virginia) | Management plane | post-cn-oew1qqlw309.mqtt.aliyuncs.com | post-cn-oew1qqlw309-internal-vpc.mqtt.aliyuncs.com |
hbr.us-east-1.aliyuncs.com | hbr.us-east-1.aliyuncs.com | ||
Data plane | *.oss-us-east-1.aliyuncs.com | *.oss-us-east-1-internal.aliyuncs.com | |
UAE (Dubai) | Management plane | post-cn-oew1tb52204.mqtt.aliyuncs.com | post-cn-oew1tb52204-internal-vpc.mqtt.aliyuncs.com |
hbr.me-east-1.aliyuncs.com | hbr-vpc.me-east-1.aliyuncs.com | ||
Data plane | *.oss-me-east-1.aliyuncs.com | *.oss-me-east-1-internal.aliyuncs.com | |
SAU (Riyadh - Partner Region) | Management plane | mqtt-cn-7pp2urf8g04.mqtt.aliyuncs.com | mqtt-cn-7pp2urf8g04-internal-vpc.mqtt.aliyuncs.com |
hbr.me-central-1.aliyuncs.com | hbr-vpc.me-central-1.aliyuncs.com | ||
Data plane | *.oss-me-central-1.aliyuncs.com | *.oss-me-central-1-internal.aliyuncs.com | |
Shanghai Finance Cloud | Management plane | post-cn-nif1osdrt09.mqtt.aliyuncs.com | post-cn-nif1osdrt09-internal.mqtt.aliyuncs.com |
hbr.cn-shanghai-finance-1.aliyuncs.com | hbr-vpc.cn-shanghai-finance-1.aliyuncs.com | ||
Data plane | None | *.oss-cn-shanghai-finance-1-internal.aliyuncs.com | |
Shenzhen Finance Cloud | Management plane | post-cn-n6w1pij7y0b.mqtt.aliyuncs.com | post-cn-n6w1pij7y0b-internal.mqtt.aliyuncs.com |
hbr.cn-shenzhen-finance-1.aliyuncs.com | hbr-vpc.cn-shenzhen-finance-1.aliyuncs.com | ||
Data plane | None | *.oss-cn-shenzhen-finance-1-internal.aliyuncs.com | |
China (Beijing) Gov | Management plane | post-cn-v0h1cmsrj01.mqtt.aliyuncs.com | post-cn-v0h1cmsrj01-internal.mqtt.aliyuncs.com |
hbr.cn-north-2-gov-1.aliyuncs.com | hbr-vpc.cn-north-2-gov-1.aliyuncs.com | ||
Data plane | *.oss-cn-north-2-gov-1.aliyuncs.com | *.oss-cn-north-2-gov-1-internal.aliyuncs.com |
Non-Alibaba Cloud servers
Region | Type | Access point domain name |
China (Hangzhou) | Management plane | 100.103.8.175 |
post-cn-mp90rcien05-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-hangzhou-internal.aliyuncs.com | |
China (Shanghai) | Management plane | 100.103.83.79 |
post-cn-4590rcihm02-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-shanghai-internal.aliyuncs.com | |
China (Qingdao) | Management plane | 100.100.0.111 |
post-cn-n6w1oj5j506-internal-vpc.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-qingdao-internal.aliyuncs.com | |
China (Beijing) | Management plane | 100.103.83.105 |
post-cn-mp90rcibd04-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-beijing-internal.aliyuncs.com | |
China (Zhangjiakou) | Management plane | 100.100.1.236 |
post-cn-45917akja09-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-zhangjiakou-internal.aliyuncs.com | |
China (Hohhot) | Management plane | 100.100.0.123 |
post-cn-0pp1epkb50h-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-huhehaote.aliyuncs.com | |
China (Shenzhen) | Management plane | 100.103.31.50 |
post-cn-v0h0rcijv04-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-shenzhen-internal.aliyuncs.com | |
China (Chengdu) | Management plane | 100.100.0.12 |
post-cn-st21piid30e-internal-vpc.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-chengdu-internal.aliyuncs.com | |
China (Hong Kong) | Management plane | 100.103.30.213 |
mqtt-cn-v0h1cmss401-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-cn-hongkong-internal.aliyuncs.com | |
Singapore | Management plane | 100.103.10.114 |
post-cn-4590unarx01-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-ap-southeast-1-internal.aliyuncs.com | |
Malaysia (Kuala Lumpur) | Management plane | 100.100.0.225 |
mqtt-cn-v0h1k5d7707-internal.mqtt.aliyuncs.com | ||
Data plane | *.oss-ap-southeast-3-internal.aliyuncs.com |
FAQ
Product selection
What is the difference between Anti-ransomware (data backup) and an ECS snapshot? When should I use each?
Comparison:
ECS snapshot: Performs a block-level backup of an entire cloud disk. It is ideal for full-system disaster recovery, such as a system crash or disk failure. Recovery is coarse-grained and typically takes longer.
Anti-ransomware (data backup): Focuses on file- and database-level backups. It provides granular recovery (you can restore a single file or database), supports application-level data consistency, and offers faster restore times.
How to choose: These solutions are complementary, not mutually exclusive. We recommend using them together for comprehensive protection.
Use an ECS snapshot for system-level disaster recovery.
Use Anti-ransomware (data backup) for granular, high-frequency protection of critical files and databases.
What is the honeypot feature? Can I manually delete the decoy files?
The honeypot is a proactive defense feature available in advanced editions of Security Center. It protects your data by deploying decoy files on your servers to detect and block new types of ransomware before they cause damage.
How it works
Deploy decoys: The feature creates hidden decoy files in critical directories on the server, such as /home, /root, and the root of the C: and D: drives.
Detect attacks: When a new type of ransomware scans and attempts to encrypt these decoy files, Security Center immediately detects the malicious behavior.
Block in real time: Security Center instantly blocks the malicious process, preventing it from damaging your actual files.
Important: These are standard security files. Do not delete them manually. For more information, see Host protection settings.
Features and capabilities
Does Anti-ransomware for Databases support Alibaba Cloud RDS databases?
No. The Anti-ransomware for Databases feature protects self-managed databases deployed in an IaaS environment, such as on an ECS instance. For managed cloud database services like RDS and PolarDB, use their native backup and recovery features.
Does the anti-ransomware feature provide proactive defense or only backup and recovery?
The Anti-ransomware service focuses on recovery, which includes data backup and restoration. A complete ransomware protection strategy also includes proactive defense (pre-attack interception and in-attack trapping). Together, these layers form a defense-in-depth system.
Proactive defense
Note: Proactive defense features require you to upgrade Security Center to the Anti-virus edition or higher. For more information, see Host protection settings.
Pre-attack interception: Malicious host behavior prevention
This feature uses cloud-native threat intelligence to detect and block known ransomware families in real time before they infect your servers.
In-attack trapping: Honeypot
By deploying decoy files on your servers, this feature detects and blocks unknown ransomware in real time. If the system detects an attempt to encrypt a decoy file, it immediately terminates the suspicious process to protect your actual data.
Recovery
Anti-ransomware (data backup) is your final line of defense. It ensures that you can quickly recover your critical data in extreme situations, such as when other defense systems are bypassed.
Capacity and billing
What is "anti-ransomware capacity"? What happens if I exceed my capacity?
Definition: Anti-ransomware capacity is the amount of storage you purchase for the Anti-ransomware (data backup) feature. Billing is based on the total volume of data you back up and the backup retention period, not on the number of servers.
Consequences of exceeding capacity: You receive an alert when your capacity usage exceeds 80%. If the capacity is completely full, new backup jobs fail, leaving newly generated data unprotected. You can still use existing backup versions for recovery.
Recovery and performance
How long does it take to restore data (RTO)?
The Recovery Time Objective (RTO) depends on factors such as data volume, network bandwidth, and server performance. Restoring a small number of files typically takes minutes, while terabytes of data may require several hours.
Note: We recommend conducting regular recovery drills to determine a realistic RTO for your business environment.
Can the anti-ransomware service recover encrypted files?
No. The service restores files from historical, unencrypted backups. It cannot decrypt files that are already encrypted. To protect your data:
Back up your files regularly to ensure you have recent, unencrypted versions.
Use the host protection features of Security Center to block ransomware.