Researchers unveil ransomware detection and recovery method for SSDs

Forward-looking: A team of researchers has devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds. The cost should only be a minor increase in the SSD’s latency.

The Register spoke with the researchers, who come from Inha University, the Daegu Gyeongbuk Institute of Science & Technology (DGIST), the University of Central Florida (UCF), and the Cyber Security Department at Ewha Womans University (EWU). The system, called SSD-Insider, is supposedly almost 100 percent accurate and has been tested on real-world ransomware.

SSD-Insider works by recognizing certain patterns in SSD activity that are known to indicate ransomware. “To recognize ransomware activity by viewing only the distribution of IO request headers, we have paid attention to a ransomware’s very unique behavior, overwriting,” reads the team’s research paper proposing SSD-Insider. It specifically points out the behavior of ransomware like WannaCry, Mole, and CryptoShield.

“When ransomware activity is detected by SSD-Insider++, input/output to the storage is suspended,” Inha researcher DaeHun Nyang told The Register. “During the suspension, users can remove the ransomware process.”
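
To illustrate flagging overwrites from request headers alone and then suspending I/O, here is a simplified sketch added for this article; it is not the researchers' SSD-Insider code. The definition of an overwrite (a write to a block that was read shortly before), the window sizes, the thresholds and both traces are assumptions constructed for the example.

```python
from collections import deque

# All four values are assumptions for this sketch, not figures from the paper.
READ_WINDOW_MS = 10_000   # a write is an overwrite if the block was read this recently
SCORE_WINDOW_MS = 1_000   # span of recent writes that is scored
MIN_WRITES = 32           # do not score until this many blocks were written
OVERWRITE_RATIO = 0.8     # share of overwrites that triggers suspension

class OverwriteMonitor:
    """Sees only request headers: (time_ms, op, start LBA, block count)."""
    def __init__(self):
        self.last_read = {}       # LBA -> time of most recent read
        self.recent = deque()     # (time_ms, was_overwrite) per written block
        self.overwrites = 0       # overwrites currently inside self.recent
        self.suspended_at = None  # time at which I/O was suspended

    def observe(self, t, op, lba, nblocks):
        """Account for one request; return True while I/O is still allowed."""
        if self.suspended_at is not None:
            return False          # storage is suspended, request refused
        for block in range(lba, lba + nblocks):
            if op == "R":
                self.last_read[block] = t
            else:
                read_t = self.last_read.pop(block, None)
                hit = read_t is not None and t - read_t <= READ_WINDOW_MS
                self.recent.append((t, hit))
                self.overwrites += hit
        while self.recent and t - self.recent[0][0] > SCORE_WINDOW_MS:
            self.overwrites -= self.recent.popleft()[1]
        if (len(self.recent) >= MIN_WRITES
                and self.overwrites / len(self.recent) >= OVERWRITE_RATIO):
            self.suspended_at = t
        return self.suspended_at is None

def copy_trace():
    # Constructed: file copy, blocks read from one region and written to another.
    return [(i * 10, op, lba, 8) for i in range(100)
            for op, lba in (("R", i * 8), ("W", 50_000 + i * 8))]

def in_place_rewrite_trace():
    # Constructed: every block is read and then rewritten at the same LBA.
    return [(i * 10, op, i * 8, 8) for i in range(100) for op in ("R", "W")]

def run(trace):
    monitor = OverwriteMonitor()
    for request in trace:
        monitor.observe(*request)
    return monitor.suspended_at
```

The copy workload writes only to blocks it never read, so it is never scored as overwriting, while the read-then-rewrite workload is suspended after its fourth write request.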
