With recent advancements in data storage technologies, major companies use massive data centers to store various internal and customer information. Now, although companies implement several security encryptions to protect sensitive data, we have seen various tech giants such as Acer, Canon, and CD Projekt Red hit by ransomware attacks in the recent past. So, to prevent such cyber attacks on companies as well as general users, a team of researchers has now come up with a hardware-level security solution for SSDs that can block ransomware attacks before the attacking malware starts encrypting user data.
Dubbed the SSD Insider++ technology, the new security solution can be integrated into SSDs at the hardware level. So, the ransomware prevention feature will be built right into the SSD drives and will automatically detect unusual encryption activities that are not user-triggered.
Now, getting into some technical details, the SSD Insider++ technology uses the inherent writing and deletion mechanisms in NAND flash to perform its task of preventing ransomware attacks. It leverages the SSD controller to continuously monitor the activity of the storage drive. The system triggers when any encryption workload is detected that is not initiated by the authorized user. In that case, the firmware prevents the SSD to take any write requests, which in turn suspends the encryption process.
The system then notifies the user about abnormal encryption activities via its companion app. The app also allows users to recover any data that was encrypted before the system stopped ongoing the process.
The researchers tested the system with the WannaCry ransomware and some of their in-house ransomware programs. They note that the SSD Insider++ solution has a 100 percent detection accuracy with almost 0 percent FRR/ FAR (False Rejection Rate or False Acceptance Rate). Moreover, in most cases, the system was able to detect an attack in less than 10 seconds time.
However, it is worth mentioning that although the system can be easily integrated into modern SSD drives, it does take a toll on the performance of the storage devices. As per researchers, with the SSD Insider++ solution, the latency performance of SSDs decreases by 17 percent, and the maximum throughput of the devices goes down by 8 percent.
Nonetheless, the researchers think that it is a fair trade-off to protect sensitive data from attackers. Moreover, they mentioned that they developed the said security solution as most users do not install any anti-ransomware software on their systems. So, with the security solution built right into SSD drives, users will stay protected without any additional security software.
“I came up with the idea of firmware level detection because I know that many [users] don’t install anti-ransomware software. So I thought that it would be good if we can protect people not having anti-ransomware installed on their computers by providing them with an anti-ransomware-intrinsic SSD,” said DaeHun Nyang, one of the researchers in the development team and a Ph.D. at Ewha Woman’s University (EWU).
So, with SSD Insider++ integrated into future SSDs, users will be protected from malicious ransomware attacks from cybercriminals. And as the security solution is at the hardware level, it would be difficult for hackers to crack it before getting into one’s system.
10 seconds is a long time. A lot of damage can be caused in that time.