A team of security researchers has developed a technique called SSD-Insider++ that aims to protect flash storage drives from ransomware attacks.
Ransomware is arguably the number one plague for many businesses, and current cybersecurity solutions can appear insufficient against it. Security researchers from South Korea (Inha University, Daegu Institute of Science and Technology and the Cyber Security Department at Ewha Womans University) and from the University of Central Florida have explored an original defensive approach: a technique for protecting and recovering compromised data that they call SSD-Insider++.
“SSD-Insider++ is integrated into the SSD controller as firmware. By being separate from a host machine, it not only provides more robust data protection than that based on software that is vulnerable to evasive attacks, but also offers interoperability with various platforms,” reads the summary of the research.
A data detection and recovery tool
Figure: from the research on the SSD-Insider++ protection technique. (Credit: DR)
The technique consists of two functions, ransomware detection and exact data recovery, which are tightly integrated with each other. The detection algorithm observes the I/O patterns of a host system and decides whether the host is being attacked by ransomware at an early stage. Once an encryption attack is detected, SSD activity is suspended to prevent the ransomware from spreading. At that point, the recovery algorithm is triggered to restore the original files by taking advantage of the drive's delayed memory erase function.
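A simplified model of the detect, suspend and recover sequence described above, as an added example that is not from the article or the researchers' firmware. The overwrite-count heuristic, the WINDOW and THRESHOLD values, the class and function names, and the sample writes are all assumptions made for illustration.

```python
class ToyFTL:
    """Toy SSD flash translation layer; heuristic and constants are assumptions."""
    WINDOW = 10     # assumed look-back window, in ticks
    THRESHOLD = 5   # assumed overwrites per window that trip the detector

    def __init__(self):
        self.flash = []         # physical pages, append-only: stale pages are not erased yet
        self.l2p = {}           # logical block address -> index of its current physical page
        self.journal = []       # (tick, lba, previous physical index or None)
        self.suspended = False

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def write(self, tick, lba, data):
        if self.suspended:
            raise RuntimeError("drive suspended after ransomware detection")
        self.journal.append((tick, lba, self.l2p.get(lba)))
        self.flash.append(data)               # out-of-place write, old page stays intact
        self.l2p[lba] = len(self.flash) - 1
        start = tick - self.WINDOW
        overwrites = sum(1 for t, _, old in self.journal if t > start and old is not None)
        if overwrites >= self.THRESHOLD:      # burst of overwrites: treat as encryption
            self.suspended = True
            self._rollback(start)

    def _rollback(self, start):
        # Undo newest-first so every LBA points back at its pre-window page.
        while self.journal and self.journal[-1][0] > start:
            _, lba, old = self.journal.pop()
            if old is None:
                self.l2p.pop(lba, None)
            else:
                self.l2p[lba] = old


def demo():
    ssd = ToyFTL()
    for lba in range(8):                      # constructed sample: eight blocks of user data
        ssd.write(0, lba, f"plain-{lba}")
    ssd.write(50, 0, "plain-0-v2")            # isolated benign edit, below the threshold
    for i in range(8):                        # constructed burst of encrypting overwrites
        try:
            ssd.write(100 + i, i, "ciphertext")
        except RuntimeError:
            break                             # drive refused further writes
    return ssd
```

Because overwritten pages are only unmapped and not yet erased, the rollback restores every block by remapping alone; the ciphertext pages remain in flash as unreferenced garbage.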
“Our experimental results show that SSD-Insider++ achieves high accuracy of detection of ransomware with 100% in most cases (WannaCry, Mole,…) and provides instant data recovery with 0% data loss,” the researchers emphasize. They add that attacks are contained within 10 seconds of detection at the cost of a 12.8% to 17.3% increase in latency and an 8% drop in throughput. For now, there is no indication whether the results of this academic research will find a concrete outlet that provides up-front protection against the ordeal of ransomware attacks.