
Ransomware is predicted to cost victims around $275 billion annually by 2031, according to Cybersecurity Ventures. Yet, despite this growing threat, most organizations’ data protection strategies remain narrowly focused on mission-critical systems—typically stored as block data—while neglecting one of the most vulnerable and expansive targets: unstructured file data. The reason is cost: protecting the vast amount of unstructured file data that organizations have amassed, and continue to amass, is too expensive.
File data may not always be considered “critical,” but it is an ideal target for ransomware. Created and shared across departments, accessed by multiple users and systems, file data presents a sprawling and dynamic attack surface.
It only takes one infected file to compromise an entire enterprise network.
One way to protect large swaths of file data from ransomware attacks while avoiding 70% to 90% of costs is by shrinking the ransomware attack surface through cold file tiering. Rather than relying solely on data protection strategies, which become prohibitively expensive for file data, intelligent data placement sidesteps the risk altogether, saving organizations money while improving their ransomware defense.
The Challenge: File Data is Harder to Manage and Defend
While IT teams invest heavily in protecting databases and applications, file data often lives outside the spotlight of cybersecurity investments. Yet it’s exactly this data—PDFs, presentations, media files, logs, research data and more—that represents the most complex and risky data footprint.
The reasons are clear:
- Volume and sprawl: Enterprises manage billions of files and multiple petabytes of unstructured data across on-premises and cloud environments.
- Broad access: File data is frequently accessed and shared by many users, making it more susceptible to accidental exposure or malicious activity.
- Cold data buildup: As much as 80% of file data is cold—no longer accessed but retained for compliance or institutional knowledge—yet still sitting in expensive, high-risk storage.
- Snapshot vulnerabilities: Traditional snapshot-based recovery solutions can also be infected or deleted. Even tamperproof snapshot technologies may restrict the use of storage-based tiering due to backdoor vulnerabilities.
- Escalating storage costs: As file data grows, so do costs. Backups, snapshots and disaster recovery (DR) plans must cover every copy, inflating storage budgets and complexity. Clearly, using data protection as the sole mechanism for ransomware defense is untenable for file data.
One global law firm, Katten Muchin Rosenman LLP, illustrates the stakes. Facing 20% annual growth in file data and increasing costs from frequent on-premises storage expansions, Katten needed a more scalable and secure solution. The firm deployed a file data management strategy that included intelligent tiering to immutable cloud storage, saving $900,000 while dramatically reducing the ransomware attack surface. They achieved this without interrupting user and application access to tiered data.
5 Strategic Steps to Reduce Ransomware Risk from File Data
Organizations must take a proactive approach to managing file data—especially the cold, inactive files that no longer serve daily business needs but remain vulnerable to attack. Here are five essential steps to reduce ransomware exposure and control costs:
- Identify and Classify Cold Data
The first step is gaining visibility into how data is being used. Identify which files are cold—typically those not accessed in 12 months or more—and classify them based on business need, compliance requirements and risk level. In many organizations, cold files constitute 60%-80% of the overall data footprint.
Insight into cold data empowers IT teams to make informed decisions about what can be moved out of high-cost, high-risk environments.
- Offload Cold Files with File-Level Tiering
Instead of storing all data on primary systems, implement a file-level tiering strategy that physically moves cold files off active storage. Unlike block-based storage tiering provided by storage vendors, file-level tiering keeps files in the same folder structure, where they can be opened as normal even though the actual data is stored elsewhere. Users won’t need to hunt down their files.
By offloading entire files and not blocks, file tiering can also shrink storage and backup costs by 70% or more—and save similarly on your ransomware protection costs at the same time.
- Store Tiered Files in Immutable Object Storage
For additional protection, tier cold data to cloud or object storage that supports immutability: write-once, read-many (WORM) configurations. With immutable cloud storage and versioning, even if someone tried to infect a cold file, the changed file would be saved as a new version, so you can recover the file from an older version.
Immutable storage ensures clean, restorable versions of files are always available in case the cold file target is attacked.
- Maintain Compatibility With Tamperproof Snapshots
It’s important to use an independent data management solution that will properly tier file data even when tamperproof snapshots are used. This ensures that both your tiered files and your snapshots remain unaffected.
Avoid solutions that require compromises between data tiering and snapshot security.
- Reduce Backup and Disaster Recovery Scope to Save Money and Time
Once cold files are removed from primary storage, they no longer need to be included in frequent backups or DR plans. This streamlines your protection processes and dramatically reduces storage and operational costs.
Smaller backup and DR footprints lead to faster recovery and lower infrastructure investments.
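A minimal cold-data inventory for the first step above, added here as an illustration and not taken from the article or from any vendor's product. The function names are hypothetical, and treating the later of access time and modification time as "last used" is an assumption made because access times are often not updated on volumes mounted with noatime or relatime.

```python
import os
import stat
import sys
import time

DAY = 86400
COLD_AFTER_DAYS = 365  # the article's threshold: not accessed in 12 months or more

def last_used(st):
    # Assumption of this sketch: atime alone under-reports use on
    # noatime/relatime mounts, so take the later of atime and mtime.
    return max(st.st_atime, st.st_mtime)

def cold_report(root, now=None, cold_after_days=COLD_AFTER_DAYS):
    """Return {top_level_dir: [total_bytes, cold_bytes]} for regular files under root."""
    cutoff = (time.time() if now is None else now) - cold_after_days * DAY
    report = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow directory symlinks
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            try:
                st = os.lstat(os.path.join(dirpath, name))  # lstat never touches atime
            except OSError:
                continue  # file vanished or is unreadable; skip rather than abort
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and device nodes
            entry = report.setdefault(top, [0, 0])
            entry[0] += st.st_size
            if last_used(st) < cutoff:
                entry[1] += st.st_size
    return report

def cold_fraction(report):
    """Share of all scanned bytes that are cold (0.0 for an empty report)."""
    total = sum(t for t, _ in report.values())
    return sum(c for _, c in report.values()) / total if total else 0.0

if __name__ == "__main__":
    rep = cold_report(sys.argv[1] if len(sys.argv) > 1 else ".")
    for top, (total, cold) in sorted(rep.items()):
        print(f"{top}: {cold} of {total} bytes cold")
    print(f"overall cold fraction: {cold_fraction(rep):.0%}")
```

The per-directory cold byte counts are the candidates for tiering, and the same figure is what drops out of backup and DR scope once those files are moved.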
Final Thoughts: Unstructured File Data Needs a New Strategy
The ransomware threat has evolved—and so must enterprise data strategies. It’s no longer enough to defend just what’s critical. Organizations must defend what’s exposed.
File data is growing fast, accessed by many and difficult to lock down. While much of it may be cold, it still consumes storage resources and remains a soft target for ransomware. By implementing intelligent file tiering strategies, storing cold data in immutable environments, and reducing redundant storage across backups and DR, organizations can both reduce risk and achieve major cost savings.
Katten’s $900,000 savings and stronger ransomware posture prove the value of managing file data differently. The stakes are high, but the solution is within reach—starting with visibility, tiering and a shift away from keeping everything everywhere, all the time. Ransomware defense goes beyond data protection to de-risk the bulk of file data via intelligent data management and data placement.
Your weakest link doesn’t have to stay weak. Rethink your file data management strategy today to secure your organization’s data—and trust.