Arama
  • Ransomware Protection Storage Solution

    Build a highly secure protection system with
    primary and backup storage.

  • Overview
  • Benefits
  • Futuristic Technology
  • Related Products
  • Expert Insight

Ransomware Has Become a Major Global Cyber Threat

Ransomware Has Become a Major Global Cyber Threat

Ransomware is a type of malware that encrypts or steals data and renders computers or specific files unusable or unreadable, and then demands a ransom to recover or decrypt the related components. With ransomware attacks spiking in recent years, this malware is evolving to become stealthier, faster, and more impactful, often evading common antivirus software. Such attacks are now a major cyber trend on the network threat list.

US$1.85 Million
The average total cost of recovery following
a single ransomware attack in 2021.
11s
On average, ransomware attacks affected a business, consumer, or device every 11s in 2021.
80%
The chance of a repeat attack after ransom payment.
US$70 Million
The largest extortion sum as of 2022 Q1.
57x Increase
Global ransomware damages reached US$20 billion in 2021 — 57 times more than 2015.
16 Days
The average duration of system downtime following a ransomware attack.

Ransomware Attack Trends

Large enterprises and infrastructure are the focus of attacks.

The double extortion model increases the risk of data breach.

Ransomware as a Service (RaaS).

The supply chain becomes the main entry point for extortion attacks.

Advanced Persistent Threat (APT)-like ransomware attacks.

The new normal of insecure data.

Dual Ransomware Protection with Primary and
Backup Storage


To avoid ransomware attacks, storage devices must be equipped with ransomware protection in addition to the security protection already present at the network layer. Huawei provides a highly reliable protection solution that covers both primary and backup storage to protect your business.


Primary storage: After data enters the production storage, a safe zone is created inside the storage to prevent data from being tampered with or deleted through the secure snapshot and Write Once Read Many (WORM) features of the storage. An independent physically-isolated zone is also created, combining with air gap technology to automatically disconnect replication links and replicate data to the isolation zone for enhanced protection.



Backup storage: Similar to primary storage, the encryption, secure snapshot, and WORM features of the backup storage ensure the data in the storage system is clean. An isolation zone is also established to ensure data security, allowing operators to quickly restore secure data and services in the event of an attack.


* Ransomware protection features for NAS and backup are expected by Sept. 30, 2022.

Key Technologies

The Huawei Ransomware Protection Storage Solution covers Storage Area Network (SAN), Network-Attached Storage (NAS), and backup storage scenarios. Key technologies — including storage encryption, air gap, secure snapshot, and WORM — are used to implement data anti-tampering, security detection, and secure recovery.

E2E Data Encryption

Protocol-layer encryption NFS, CIFS/SMB.

Advanced Encryption Standard (AES)-256 encryption of production and backup data.

Encryption during air gap replication.

Encryption during remote replication of data and copies.

Air Gap Replication

By setting the replication Service Level Agreement (SLA), data copies are automatically and periodically replicated from the production or backup storage to the isolation environment. The replication link is active only during replication, which ensures data copies are offline most of the time, reducing the possibility of attacks.

File System WORM and Secure Snapshot

A protection period can be set for production or backup data to prevent data modification or deletion during this time range.

Secure snapshots ensure storage data is read-only and cannot be modified or deleted within a specified time range.

Ransomware Detection

A baseline model is established based on historical data to check for any abnormalities in the changed feature values of the metadata of copies.

Abnormal copies are further compared to determine file size changes, entropy values, and similarities.

The Machine Learning (ML) model is used to determine whether file changes are caused by ransomware encryption, flagging them accordingly.

Futuristic Technology

How Does It Work?

Solution Rundown

How Does It Work?
Stop Ransomware Attacks

Attack and Defense Drills

Stop Ransomware Attacks

TOP