User:Baker232/sandbox
Security framework for storage protection against malware attacks on hosts | |
---|---|
Status | In force (Recommendation) |
Year started | 2023 |
First published | November 13, 2023 |
Latest version | 1.0 November 13, 2023 |
Organization | ITU-T |
Committee | ITU-T Study Group 17 |
Series | X |
Related standards | X.1205, X.1207, X.1218, X.1526 |
Domain | Cybersecurity, Data Security |
Website | www |
X.1220 is an International Telecommunication Union (ITU) standard for storage protection against malware. Malware, including ransomware, can hide inside a file. When a user executes an infected file, the malware spreads to all stored files on the connected network. Malware can encrypt, copy, tamper with, and delete files to damage systems. Attacks by many kinds of malware have continued since the early 2010s.
X.1220 introduces a new definition, "storage protection", to construct a new protection layer for storage. Users can avoid harm even if threats are lurking in storage servers. The protection layer works as a whitelist process: if a pre-registered application requests data, the protection layer provides the real data with read-write access. Otherwise, the protection layer provides fake data with read-only access.[1] Malware cannot modify read-only data, so users can keep network storage safe against malware.
Purpose
The purpose of this standard is to provide a technique to protect data from malware. Malware bypasses network and endpoint protection layers by methods such as encrypted traffic, zero-day exploits, polymorphic malware, fileless malware, and human error induced by social engineering. The standard therefore defines and explains the criteria for a non-bypassable extra protection layer, which is the storage protection layer.
History
- February 23, 2023: 3rd Revised baseline text for X.spmoh[2]
- November 13, 2024: Redesignated as X.1220 by ITU-T (X.spmoh).[3]
Cases of Malware
- NotPetya (2017)
- WannaCry (2017)
- Colonial Pipeline ransomware attack (2021)
- Delta County Memorial Hospital data breach[4] (2024)
- Codefinger ransomware[5] (2025)
In 2024, ransom bills increased to 5 times those of 2023.[6]
Process of Protection
This security framework contains a host and a storage protection server. The storage protection server does not belong to the host, like cloud storage or a file-hosting service.
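The whitelist behaviour described in the introduction (real read-write data for pre-registered applications, read-only fake data for everyone else) can be modelled as follows. This is an added illustration, not text or code from X.1220: identifying an application by the SHA-256 of its binary, zero-filled decoy data of the same length, the audit log, and all names are assumptions.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(executable: bytes) -> str:
    """Identify an application by the SHA-256 of its binary (assumed scheme)."""
    return hashlib.sha256(executable).hexdigest()


@dataclass
class StorageProtectionLayer:
    """Hypothetical model of the storage protection server's access decision."""
    files: dict[str, bytes] = field(default_factory=dict)   # real data
    allowlist: set[str] = field(default_factory=set)        # pre-registered apps
    audit: list[tuple[str, str, str]] = field(default_factory=list)

    def register(self, executable: bytes) -> None:
        self.allowlist.add(fingerprint(executable))

    def read(self, executable: bytes, path: str) -> bytes:
        real = self.files[path]
        if fingerprint(executable) in self.allowlist:
            return real
        # Unregistered requester: decoy of the same length, never the real bytes.
        self.audit.append((fingerprint(executable)[:12], "read-decoy", path))
        return b"\x00" * len(real)

    def write(self, executable: bytes, path: str, data: bytes) -> bool:
        if fingerprint(executable) in self.allowlist:
            self.files[path] = data
            return True
        # The decoy view is read-only: drop the write and record it for detection.
        self.audit.append((fingerprint(executable)[:12], "write-denied", path))
        return False


def demo() -> StorageProtectionLayer:
    # Constructed sample binaries and file contents.
    editor, unknown = b"constructed editor binary", b"constructed unknown binary"
    layer = StorageProtectionLayer(files={"report.txt": b"quarterly figures"})
    layer.register(editor)
    # An unregistered process reads the file and then tries to overwrite it.
    layer.read(unknown, "report.txt")
    layer.write(unknown, "report.txt", b"overwritten")
    # The registered application still gets, and can update, the real data.
    layer.write(editor, "report.txt", layer.read(editor, "report.txt") + b" v2")
    return layer
```

The audit entries for decoy reads and denied writes are the signal a defender would alert on, since a registered application never produces them.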
References
1. https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=15709
2. https://www.itu.int/md/meetingdoc.asp?lang=en&parent=T22-SG17-230221-TD&question=Q4/17&source=Editor
3. https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=15709
4. https://www.deltacountyindependent.com/news/delta-health-hospital-announces-security-incident-possibly-involving-patient-information-data-leak/article_42005ab2-e27d-11ef-a975-e39ca3b00683.html
5. https://ctomagazine.com/codefinger-aws-ransomware-attack-lessons
6. https://www.sophos.com/en-us/content/state-of-ransomware