SSD-Insider++: A firmware-based approach to thwarting ransomware attacks

Credit: Pixabay/CC0 Public Domain

An international team of researchers is promoting the idea of using firmware to stop ransomware attacks before they can encrypt user data stored on a solid-state drive (SSD). The group presented their ideas back in 2018 at the IEEE International Conference on Distributed Computing Systems, and more recently spoke to a reporter at The Register describing their ideas.

Ransomware is a type of software that blocks access to user data or an entire computer until a specified amount of money is paid to the entity that unleashes the attack. Over the past year, several high-profile attacks with very large ransom demands have been carried out against well-known entities. Antivirus makers have been hard at work adding features to their products that prevent such attacks, but the group with this new effort suggests a better way to fight ransomware: stopping the software from automatically using code embedded in hardware.

Loading...

The work involved studying the characteristics of ransomware code and then writing their own code (SSD-Insider++) to recognize it and to stop it before it can encode user data. They then embedded that code in firmware on SDD devices. If SSD-Insider++ recognizes a ransomware attack, all activity to the SSD is stopped, preventing the data from being scrambled and allowing the user to take action to eliminate the threat. The approach comes at a price, of course; the firmware must process every read/write command sent to or from the SSD, which introduces a delay. The researchers claim their firmware adds just 12.8 to 17.3% to average latency delays. They also note that due to features in SSD devices, the software can also reverse any damage that sneaks through the initial stages of an attack.

The researchers tested their firmware using real ransomware and found it able to stop 100% of attacks. They also found that the software was able to repair any damage from attacks in less than 10 seconds. They do acknowledge that their system suffers from one flaw—ransomware coders could reverse-engineer SSD-Insider++ and then use what they learn to alter their own code to prevent it from being discovered. But the researchers note that firmware updates could be delivered to overcome such changes.


US authorities warn of ‘imminent’ cyber threat to hospitals

Loading...

More information:
Sungha Baek et al, SSD-assisted Ransomware Detection and Data Recovery Techniques, IEEE Transactions on Computers (2020). DOI: 10.1109/TC.2020.3011214

SungHa Baek et al, SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) (2018). DOI: 10.1109/ICDCS.2018.00089

© 2021 Science X Network

Loading...

Citation:
SSD-Insider++: A firmware-based approach to thwarting ransomware attacks (2021, September 10)
retrieved 10 September 2021
from https://techxplore.com/news/2021-09-ssd-insider-firmware-based-approach-thwarting-ransomware.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Loading...

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

Loading...

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Loading...

Read original article here

Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.