Huawei Xinghe Intelligent Unified SASE: Ransomware Rollback Technology Provides Insurance for Files

2025-08-08

As the AI era surges forward, intelligent transformation has become an essential path for enterprise growth. Companies across industries are actively embracing this shift, generating an ever-expanding array of digital assets through their operations. These assets—akin to a company's "golden treasure"—have emerged as critical production elements. However, when vital data is encrypted by ransomware, the consequences can be devastating. Beyond financial loss, such attacks can cripple core business systems, leading to immeasurable damage.

To strengthen enterprise resilience against ransomware threats, Huawei introduces the Xinghe Intelligent Unified SASE Solution. This cutting-edge offering incorporates Huawei's proprietary ransomware rollback technology. By establishing a dynamic backup mechanism, it ensures that even if data is encrypted by ransomware, historical backups can be swiftly retrieved for seamless, lossless recovery. It's like adding an extra layer of "insurance" to your most valuable files—fortifying the security perimeter around your digital assets.

Ransomware: The #1 Network Security Threat Facing Enterprises

In recent years, ransomware attacks have surged dramatically, fueled by the deep integration of AI technologies with cybercrime. These incidents are making headlines with alarming frequency, and ransom demands are reaching unprecedented heights. With high returns and low barriers to execution, ransomware has become the top network security threat confronting businesses today.

• Blazing Encryption Speeds: Modern ransomware encrypts files at astonishing rates. For example, LockBit can encrypt 100,000 files in just 4 minutes—averaging 25,000 files per minute. By the time an attack is detected, critical data may already be irreversibly compromised.

• Massive Financial Impact: Hackers are now leveraging advanced AI models to develop malicious tools like WormGPT, FraudGPT, and other variants collectively known as "BadGPT." These tools drastically reduce the cost of launching ransomware attacks, leading to exponential growth in their frequency. In 2024 alone, global losses from ransomware attacks reached a staggering $42 billion. On average, each attack causes 21 days of business disruption and $2.73 million in direct financial losses—crippling enterprise operations.

• Low Recovery Success Rates: Data shows that only 4% of companies successfully recover their data in full after paying the ransom. For most, their digital assets remain hostage, with little recourse for restoration.

As ransomware continues to evolve, defending against it has become a central concern in enterprise network security strategy.

Advantages of Huawei's Event-Triggered Ransomware Rollback Technology

To tackle the growing threat of ransomware, Huawei has taken a bold, innovative approach by introducing its proprietary Ransomware Rollback Technology—a breakthrough that acts as an "insurance policy" for enterprise data security. Even if files are encrypted by ransomware, this technology enables seamless recovery using preemptively backed-up data, providing a robust safety net and enhancing organizational resilience against attacks.

Let's take a closer look at how the rollback recovery process works:

1. Early Detection of Malicious Behavior: Once ransomware infiltrates a system, it typically performs a series of suspicious actions, such as scanning system files, tampering with configuration settings, and running dangerous commands through utilities like vssadmin.exe.

2. Kernel-Level Monitoring: Huawei's HiSec Endpoint monitors these activities at the kernel level, capturing fine-grained file operations in real time.

3. Instant Backup Trigger: Upon detecting abnormal processes—such as unauthorized file deletion or encryption—HiSec Endpoint immediately activates the backup mechanism, securing files before encryption can occur.

4. Threat Elimination and File Restoration: After neutralizing the ransomware, the system restores encrypted or deleted files using the preemptive backups, achieving lossless rollback and ensuring business continuity.

With Huawei's Ransomware Rollback Technology, enterprises gain a powerful last line of defense—turning potential data disasters into recoverable events and reinforcing the security of their digital assets.

Figure 1 Ransomware-encrypted file restoration process

Huawei's Ransomware Rollback Technology: Unmatched Advantages in the Industry

Huawei has overcome the formidable challenges of kernel-level development to deliver a cutting-edge solution that monitors ransomware behavior with exceptional precision. By abstracting file-level operations into a backup logic and embedding it directly into the driver layer, Huawei achieves seamless integration of ransomware detection and backup—setting a new benchmark in the industry. Here's what sets Huawei apart:

Event-Triggered Backup: Smarter, Safer, More Efficient

Unlike traditional full-volume backup methods commonly used across the industry, Huawei's ransomware rollback technology employs event-triggered backup. This means:

• Only critical files undergoing abnormal modifications are backed up into a secure zone.

• Minimized storage consumption: By backing up only relevant files, Huawei's approach significantly reduces the storage footprint compared to full backups.

• Cleaner data protection: Full backups risk capturing already compromised or infected files. Huawei's method ensures that backups are created before ransomware encryption occurs—preventing the preservation of tainted data.

This intelligent, preemptive strategy not only enhances backup efficiency but also ensures the integrity of restored data—giving enterprises a reliable and resource-conscious defense against ransomware.

Figure 2 Backup comparison

Comprehensive Process Monitoring for Seamless File Restoration

While many vendors rely on scheduled backups or full-volume backups, these methods often leave gaps—especially when files are modified between backup intervals. This can result in data loss and incomplete recovery.

Huawei's Ransomware Rollback Technology takes a more advanced approach:

• Full-spectrum monitoring of ransomware's multi-process encryption behavior ensures no malicious activity goes undetected.

• A sophisticated rollback sequencing mechanism is built in, enabling precise control over file restoration order.

• When a suspicious process attempts to modify a file, HiSec Endpoint immediately pauses the operation and triggers a backup, capturing the file in its pre-encryption state.

This ensures that files are restored exactly as they were before the attack, with zero version discrepancies—delivering true lossless recovery and maintaining data integrity across the board.

Figure 3 File version comparison before and after recovery

As shown in the preceding figure, other vendors back up files every five minutes. If a file is encrypted and that encrypted copy is what the 12:05 backup captures, the file can be restored only to the 12:00 version, so any changes made after 12:00 are lost, resulting in version discrepancies. Huawei's event-triggered backup runs in real time, at the moment a suspicious modification is attempted, allowing encrypted files to be restored to their most recent version.
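The timing difference described above (and step 3 of the rollback process), as a small Python model added here for illustration; it is not Huawei's or HiSec Endpoint's code. It assumes a "suspicious" process is simply one missing from an allow-list, and the process names, file name, contents and the "ENC:" ciphertext marker are all constructed.

```python
# Added illustration: a toy model of backup timing, not HiSec Endpoint code.
# Assumption: "suspicious" is modelled as "process not on an allow-list".
TRUSTED = {"winword.exe"}

# Constructed timeline, minutes after 12:00: (minute, process, path, new_content)
WRITES = [
    (3, "winword.exe", "report.docx", b"draft v2"),    # legitimate edit at 12:03
    (4, "unknown1.exe", "report.docx", b"ENC:a91f"),   # encryption at 12:04
    (4, "unknown2.exe", "report.docx", b"ENC:77c0"),   # second process re-encrypts
]

def run_interval(writes, files, interval=5, end=5):
    """Scheduled backup: copy every file each `interval` minutes, in any state."""
    files, snapshots = dict(files), {}
    for minute in range(end + 1):
        if minute % interval == 0:
            snapshots[minute] = dict(files)   # taken before this minute's writes
        for m, _proc, path, data in writes:
            if m == minute:
                files[path] = data
    return snapshots

def run_event_triggered(writes, files, trusted=TRUSTED):
    """Copy the pre-image to a vault before an untrusted process's first write."""
    files, vault = dict(files), {}
    for _m, proc, path, data in sorted(writes, key=lambda w: w[0]):
        if proc not in trusted and path in files:
            # Keep only the first pre-image: once one attacker process has
            # written, later pre-images of the same file are ciphertext.
            vault.setdefault(path, files[path])
        files[path] = data
    return vault

def newest_clean(snapshots, path):
    """Newest scheduled copy that is not ciphertext ('ENC:' in this model)."""
    for minute in sorted(snapshots, reverse=True):
        data = snapshots[minute].get(path)
        if data is not None and not data.startswith(b"ENC:"):
            return minute, data
    return None

def compare():
    start = {"report.docx": b"draft v1"}
    snaps = run_interval(WRITES, start)
    vault = run_event_triggered(WRITES, start)
    return newest_clean(snaps, "report.docx"), vault.get("report.docx")

if __name__ == "__main__":
    print(compare())
```

The scheduled copy taken at 12:05 holds ciphertext, so the newest clean version is the 12:00 one; the vault holds the 12:03 edit because the copy was taken just before the first untrusted write.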

Resilient Backup Protection—Even When Shadow Copies Are Destroyed

Many vendors rely on Windows' native Volume Shadow Copy Service (VSS) to create snapshots for data backup and recovery. However, ransomware often targets and deletes these shadow copies, rendering recovery impossible.

Huawei takes a more secure and independent approach:

• No reliance on system VSS—Huawei uses its own local backup management technology, ensuring backups remain intact even if VSS is compromised.

• User-defined backup locations offer flexibility and control.

• By default, backup files are protected by kernel-level drivers, making them inaccessible to all programs except HiSec Endpoint itself.

• Even if ransomware successfully destroys VSS snapshots, Huawei's backup solution still enables full file recovery, safeguarding critical data from loss.

This architecture ensures that backup integrity is maintained—even under direct attack—giving users a reliable last line of defense.

Figure 4 Backup comparison

In the fast-moving tide of digital transformation, data security has become mission-critical for enterprises. Huawei's Ransomware Rollback Technology offers a powerful safeguard—an "insurance policy" for your files—delivering more reliable and comprehensive protection for your digital assets.

As this innovative solution continues to gain traction, more and more businesses are reaping its benefits—navigating the path of digital transformation with greater confidence, resilience, and security.

Interested in strengthening your ransomware defenses? Visit the Huawei official website to explore Huawei's full suite of network security products and discover how they can protect your enterprise data with cutting-edge precision.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy, position, products, and technologies of Huawei Technologies Co., Ltd. If you need to learn more about the products and technologies of Huawei Technologies Co., Ltd., please visit our website at e.huawei.com or contact us.
