SSD-Insider++: A firmware-based approach to thwarting ransomware attacks


September 10, 2021 report


An international team of researchers is promoting the idea of using firmware to stop ransomware attacks before they can encrypt user data stored on a solid-state drive (SSD). The group presented their ideas back in 2018 at the IEEE International Conference on Distributed Computing Systems, and more recently spoke to a reporter at The Register describing their ideas.

Ransomware is a type of malware that blocks access to user data or an entire computer until a specified amount of money is paid to the entity that unleashes the attack. Over the past year, several high-profile attacks with very large ransom demands have been carried out against well-known entities. Antivirus makers have been hard at work adding features to their products that prevent such attacks, but the group with this new effort suggests a better way to combat ransomware: stopping the software automatically, using code embedded in hardware.

The work involved studying the characteristics of ransomware code and then writing their own code (SSD-Insider++) to recognize it and to stop it before it can encode data. They then embedded that code in firmware on SSD devices. If SSD-Insider++ recognizes a ransomware attack, all activity to the SSD is stopped, preventing the data from being scrambled and allowing the user to take action to eliminate the threat. The approach comes at a price, of course; the firmware must process every read/write command sent to or from the SSD, which introduces a delay. The researchers claim their firmware adds just 12.8 to 17.3% to average latency delays. They also note that due to features in SSD devices, the software can also reverse any damage that sneaks through the initial stages of an attack.

The researchers tested their firmware using real ransomware and found it able to stop 100% of attacks. They also found that the software was able to repair any damage from attacks in less than 10 seconds. They do acknowledge that their system suffers from one flaw: coders could reverse-engineer SSD-Insider++ and then use what they learn to alter their own code to prevent it from being discovered. But the researchers note that firmware updates could be delivered to overcome such changes.



More information: Sungha Baek et al, SSD-assisted Ransomware Detection and Data Recovery Techniques, IEEE Transactions on Computers (2020). DOI: 10.1109/TC.2020.3011214

SungHa Baek et al, SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) (2018). DOI: 10.1109/ICDCS.2018.00089

© 2021 Science X Network

Citation: SSD-Insider++: A firmware-based approach to thwarting ransomware attacks (2021, September 10) retrieved 10 September 2021 from https://techxplore.com/news/2021-09-ssd-insider-firmware-based-approach-thwarting-ransomware.html
