Monday, September 13th 2021
SSD-Insider++ Promises Ransomware-free SSDs
Over the past couple of years there has been a huge increase in ransomware attacks, and now scientists claim to have a solution that could help protect SSDs from getting encrypted by ransomware. The SSD-Insider++, as the solution has been named, claims to be able to detect ransomware activity and reverse the encryption on the fly.
SSD-Insider++ was developed by a group of engineers from South Korea's Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU), as well as a researcher from the University of Central Florida in the US. It's a firmware-level protection that looks for patterns of ransomware activity on the drive and stops it before any damage has been done. This is done by suspending the I/O to the SSD, which will apparently give the user a chance to remove the ransomware from the system before it has a chance to encrypt the data. The creators of SSD-Insider++ also claim that any damage that might have occurred before the ransomware was detected can be reversed in a matter of seconds, simply by using data held in the NAND flash before the data has been trimmed.
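A toy model of the mechanism described above, as an added example that is not code from SSD-Insider++ or from the article: a flash translation layer that writes out of place, counts overwrites of recently read blocks, suspends writes when the count passes a threshold, and remaps the affected blocks to the stale pages still held in NAND. The read-then-overwrite heuristic, the `WINDOW` and `THRESH` values and all function names are assumptions; the article does not describe the actual detector.

```c
#include <stdint.h>
#include <string.h>

#define LBAS   16    /* logical blocks (toy size) */
#define PAGES  64    /* physical NAND pages (toy size) */
#define WINDOW 10u   /* detection and rollback window, in I/O ticks (assumed) */
#define THRESH 4     /* read-then-overwrite writes per window that trip (assumed) */

typedef struct { uint8_t data; int prev; uint32_t t; int ow; } page_t;
static page_t nand[PAGES];               /* append-only log of written pages */
static int map[LBAS], next_free, suspended;
static uint32_t read_at[LBAS], now;

void ftl_init(void) {
    memset(map, -1, sizeof map);         /* every LBA unmapped */
    memset(read_at, 0, sizeof read_at);
    next_free = suspended = 0; now = 0;
}

int ftl_read(int lba) {                  /* reads stay available when suspended */
    read_at[lba] = ++now;
    return map[lba] < 0 ? -1 : nand[map[lba]].data;
}

/* Point each LBA back at its newest page older than the window. The stale
   pages are still in NAND because nothing has garbage-collected them. */
static void rollback(void) {
    for (int l = 0; l < LBAS; l++) {
        int p = map[l];
        while (p >= 0 && now - nand[p].t < WINDOW) p = nand[p].prev;
        map[l] = p;
    }
}

/* Returns 0 if stored, -1 if refused or if this write tripped the detector. */
int ftl_write(int lba, uint8_t data) {
    if (suspended || next_free >= PAGES) return -1;
    now++;
    int old = map[lba], hits = 0;
    /* Overwriting a block the host read moments ago is the pattern counted. */
    int ow = old >= 0 && read_at[lba] && now - read_at[lba] < WINDOW;
    nand[next_free] = (page_t){ data, old, now, ow };   /* out-of-place write */
    map[lba] = next_free++;
    for (int p = next_free - 1; p >= 0 && now - nand[p].t < WINDOW; p--)
        hits += nand[p].ow;
    if (hits >= THRESH) { suspended = 1; rollback(); }
    return suspended ? -1 : 0;
}
int ftl_suspended(void) { return suspended; }
```

Rollback in this model only works while the old pages survive, which is why the article's "before the data has been trimmed" condition matters: once garbage collection or TRIM reclaims a stale page, the `prev` chain has nothing to point at.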
Furthermore, there are claims of being able to detect 100 percent of ransomware in the wild and reversing any damage caused within 10 seconds of the encryption starting, thanks to a firmware-level implementation. SSD-Insider++ does come with an increase in SSD latency of somewhere between 12.8 and 17.3 percent in the test scenarios, as well as a worst-case drop in throughput of about eight percent. By implementing it on a firmware level, workarounds ought to be harder, but maybe not impossible.
Outside of the performance hit on current SSD controllers, the creators of SSD-Insider++ seem to think that we're going to need faster Arm cores and/or additional computing resources such as an NPU or a faster encryption/decryption engine in future SSD controllers to add advanced features such as entropy-based detection.
It is most likely just a matter of time before we see this technology implemented by any of the SSD controller manufacturers, at least on the enterprise side of things. Several Korean SSD controller manufacturers have already been contacted, but so far there hasn't been any real interest.
Source: The Register
11 Comments on SSD-Insider++ Promises Ransomware-free SSDs
Bitlocker for instance will encrypt everything, while Ransomware would ideally go for smaller files, like documents/pictures/etc. first, and overwrite these in place with the same but encrypted data.
Encrypting files in 7-Zip or RAR archives is nowhere near the throughput of ransomware - ransomware usually needs to be fast to be effective, meaning it will encrypt tons of files at different locations on the drive. Knowing this fact however, we will see Ransomware that acts differently once drives with this technology should roll out.
However, applying this protection to the masses of unprotected drives out there would still have a net benefit, not every Ransomware is and will be refined to bypass it. Combine it with software and the security increases tremendously.
Plus, I prefer some digital hygiene over increased complexity, price and power consumption of the SSD. Plus, I'd hate to update my SSD's 'antivirus' every month just to be able to thwart a possible ransomware attack.
Looks like along with ddr5, latency is hosed lol
and to me sounds "very smart".
like "Hey, front door can't be locked anymore.."
..installs security cam...