User:Baker232/sandbox
Security framework for storage protection against malware attacks on hosts | |
---|---|
Status | In force (Recommendation) |
Year started | 2023 |
First published | November 13, 2023 |
Latest version | 1.0 November 13, 2023 |
Organization | ITU-T |
Committee | ITU-T Study Group 17 |
Series | X |
Related standards | X.1205, X.1207, X.1218, X.1526 |
Domain | Cybersecurity, Data Security |
Website | www |
X.1220 is an International Telecommunication Union (ITU) standard for storage protection against malware. Malware, including ransomware, can hide and infect files. When a user executes an infected file, the malware spreads to all stored files on the connected network. Malware can encrypt, copy, tamper with, and delete files, which damages computer systems.
X.1220 introduces the term "storage protection" for a new protection layer for storage. The protection layer works on a whitelist basis: if a pre-registered application requests data, the layer gives it the real data with read-write access; otherwise, the layer gives fake data with read-only access.[1] Malware cannot change read-only data, so users can keep network storage safe against malware.
Purpose
The purpose of this standard is to provide a technique to protect data from malware. Malware bypasses network and endpoint protection layers by methods such as encrypted traffic, zero-day exploits, polymorphic malware, fileless malware, and human error induced by social engineering. The standard therefore defines and explains the criteria for a non-bypassable extra protection layer, the storage protection layer.
History
- February 23, 2023: 3rd Revised baseline text for X.spmoh[2]
- November 13, 2024: Redesignated as X.1220 by ITU-T (X.spmoh).[3]
Cases of Malware
- NotPetya (2017)
- WannaCry (2017)
- Colonial Pipeline ransomware attack (2021)
- Delta County Memorial Hospital data breach[4] (2024)
- Codefinger Ransomware[5] (2025)
In 2024, ransom costs rose to 5 times the ransom bills of 2023.[6]
Process of Protection
This security framework contains a host and a storage protection server. The storage protection server does not belong to the host; it is separate from it, like cloud storage or a file-hosting service.
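The whitelist behaviour described in the introduction and the host/server split described in this section can be modelled in a few lines. The following is an added example, not code from X.1220 or from the page's author. The class name, the SHA-256 application identifier, and the zero-filled fake data are assumptions made for illustration.

```python
import hashlib


class StorageProtectionServer:
    """Toy model of the storage protection layer, running apart from the host."""

    def __init__(self, files, registered_apps):
        self._files = dict(files)               # path -> real bytes
        self._whitelist = set(registered_apps)  # pre-registered application ids

    @staticmethod
    def app_id(executable_bytes):
        # Assumption: an application is identified by the SHA-256 of its binary.
        return hashlib.sha256(executable_bytes).hexdigest()

    def read(self, app, path):
        if app in self._whitelist:
            return self._files[path]            # registered: real data
        # Unregistered: fake data (assumed here to be zero bytes), never the real bytes.
        return b"\x00" * len(self._files[path])

    def write(self, app, path, data):
        if app not in self._whitelist:
            raise PermissionError("read-only view for unregistered application")
        self._files[path] = data


def demo():
    # Constructed sample identities and file; none of these come from the page.
    editor = StorageProtectionServer.app_id(b"constructed editor binary")
    unknown = StorageProtectionServer.app_id(b"constructed unknown binary")
    server = StorageProtectionServer({"/share/report.txt": b"Q3 figures"}, {editor})

    results = {"editor_read": server.read(editor, "/share/report.txt")}
    server.write(editor, "/share/report.txt", b"Q4 figures")
    results["unknown_read"] = server.read(unknown, "/share/report.txt")
    try:
        server.write(unknown, "/share/report.txt", b"ENCRYPTED")
        results["unknown_write"] = "allowed"
    except PermissionError:
        results["unknown_write"] = "denied"
    results["stored"] = server.read(editor, "/share/report.txt")
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

In this model the caller supplies its own identifier, so the decision is only as trustworthy as that identifier; how the layer authenticates the requesting application is not described on this page.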
References
1. https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=15709
2. https://www.itu.int/md/meetingdoc.asp?lang=en&parent=T22-SG17-230221-TD&question=Q4/17&source=Editor
3. https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=15709
4. https://www.deltacountyindependent.com/news/delta-health-hospital-announces-security-incident-possibly-involving-patient-information-data-leak/article_42005ab2-e27d-11ef-a975-e39ca3b00683.html
5. https://ctomagazine.com/codefinger-aws-ransomware-attack-lessons
6. https://www.sophos.com/en-us/content/state-of-ransomware