Ransomware is a type of malware that encrypts or steals data, rendering computers or specific files unusable or unreadable, and then demands a ransom to recover or decrypt them. Ransomware attacks have spiked in recent years, and the malware is evolving to become stealthier, faster, and more impactful, often evading common antivirus software. Such attacks are now a major trend among network threats.
▪ Large enterprises and infrastructure are the focus of attacks.
▪ The double extortion model increases the risk of data breach.
▪ Ransomware as a Service (RaaS).
▪ The supply chain becomes the main entry point for extortion attacks.
▪ Advanced Persistent Threat (APT)-like ransomware attacks.
▪ The new normal of insecure data.
To avoid ransomware attacks, storage devices must be equipped with ransomware protection in addition to the security protection already present at the network layer. Huawei provides a highly reliable protection solution that covers both primary and backup storage to protect your business.
▪ Primary storage: After data enters the production storage, the secure snapshot and Write Once Read Many (WORM) features create a safe zone inside the storage that prevents data from being tampered with or deleted. An independent, physically isolated zone is also created and combined with air gap technology, which automatically disconnects replication links and replicates data to the isolation zone for enhanced protection.
▪ Backup storage: Similar to primary storage, the encryption, secure snapshot, and WORM features of the backup storage ensure the data in the storage system is clean. An isolation zone is also established to ensure data security, allowing operators to quickly restore secure data and services in the event of an attack.
* Ransomware protection features for NAS and backup are expected by Sept. 30, 2022.
The Huawei Ransomware Protection Storage Solution covers Storage Area Network (SAN), Network-Attached Storage (NAS), and backup storage scenarios. Key technologies — including storage encryption, air gap, secure snapshot, and WORM — are used to implement data anti-tampering, security detection, and secure recovery.
A baseline model is established from historical data and used to check the changed metadata feature values of copies for abnormalities.
Abnormal copies are further compared to determine file size changes, entropy values, and similarities.
The Machine Learning (ML) model is used to determine whether file changes are caused by ransomware encryption, flagging them accordingly.
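The three detection steps above, sketched as an added Python example (not Huawei's implementation): a baseline check on how many files changed in a copy, then per-file size, entropy and similarity comparison, then a decision. Fixed thresholds stand in for the ML model, and all function names, threshold values and sample data are assumptions constructed for illustration.

```python
import hashlib, math, statistics
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def similarity(a: bytes, b: bytes, k: int = 4) -> float:
    """Jaccard similarity of k-byte shingles (1.0 = same content)."""
    sa = {a[i:i + k] for i in range(len(a) - k + 1)}
    sb = {b[i:i + k] for i in range(len(b) - k + 1)}
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0

def copy_is_abnormal(history: list[float], changed_ratio: float, z: float = 3.0) -> bool:
    """Step 1: compare this copy's changed-file ratio with the historical baseline."""
    mean, dev = statistics.mean(history), statistics.pstdev(history)
    return changed_ratio > mean + z * max(dev, 0.01)

def file_features(old: bytes, new: bytes) -> dict:
    """Step 2: size change, entropy change and similarity between two versions."""
    return {"size_ratio": len(new) / max(len(old), 1),
            "entropy_new": entropy(new),
            "entropy_delta": entropy(new) - entropy(old),
            "similarity": similarity(old, new)}

def looks_encrypted(f: dict) -> bool:
    """Step 3 stand-in: fixed thresholds where the page uses an ML model."""
    return f["entropy_new"] > 7.0 and f["entropy_delta"] > 1.5 and f["similarity"] < 0.1

def scan(prev: dict, curr: dict, history: list[float]) -> list[str]:
    """Return names of files in an abnormal copy whose change resembles encryption."""
    changed = [n for n in curr if n in prev and curr[n] != prev[n]]
    if not copy_is_abnormal(history, len(changed) / max(len(prev), 1)):
        return []
    return sorted(n for n in changed if looks_encrypted(file_features(prev[n], curr[n])))

# Constructed sample data: two copies of a three-file share.
TEXT = b"Quarterly report: revenue, costs and forecast for each region.\n" * 64
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
PREV = {"a.txt": TEXT, "b.txt": TEXT[::-1], "c.txt": TEXT.upper()}
CURR = {"a.txt": NOISE, "b.txt": NOISE[::-1], "c.txt": TEXT.upper() + b"appended note\n"}
HISTORY = [0.02, 0.05, 0.03, 0.04, 0.02]   # changed-file ratio of earlier copies

if __name__ == "__main__":
    print(scan(PREV, CURR, HISTORY))   # ['a.txt', 'b.txt']
```

The appended-to file `c.txt` changes but keeps low entropy and high similarity, so it is not flagged. Compressed or legitimately encrypted files also have high entropy, which is why the per-file comparison is gated by the baseline check instead of being used alone.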
With secure snapshot, WORM, air gap, and ransomware detection technologies, the solution prevents data tampering while ensuring data detection and recovery.
In the event of an attack, time matters and speed counts. The solution helps enterprises effectively defend against ransomware attacks, ensuring information security and operational stability.