Recent advances in data storage technology have led large companies to use large data centers to store a variety of inside and customer information. Today, companies are implementing some security encryption to protect sensitive data, but recently various tech giants such as Acer, Canon, and CD Projekt Red have been hit by ransomware attacks. Therefore, in order to prevent such cyber attacks on enterprises and general users, a team of researchers have decided to use SSD hardware-level security solutions that can block ransomware attacks before the attacking malware begins to encrypt user data. Invented.
A new security solution called SSD Insider ++ Technology can be integrated into SSDs at the hardware level. Therefore, the ransomware prevention function is built directly into the SSD drive, Automatically detect anomalous cryptographic activity It is not user-triggered.
Now, in some technical details, SSD Insider ++ technology uses NAND flash-specific write and delete mechanisms to perform the task of preventing ransomware attacks. Leverage SSD controllers to continuously monitor storage drive activity. The system triggers when an encrypted workload that has not been started by an authorized user is detected. In that case, the firmware prevents the SSD from receiving write requests and suspends the encryption process.
The system then notifies the user of anomalous cryptographic activity via the companion app. The app also allows users to recover encrypted data before the system stops the process.
Researchers have tested the system using WannaCry ransomware and several in-house ransomware programs. They say that the SSD Insider ++ solution has 100% detection accuracy and false rejection rate (FRR / FAR) is almost 0%. In addition, in most cases the system was able to detect the attack in less than 10 seconds.
However, although the system can be easily integrated into the latest SSD drives, Does it have a negative impact on performance? Of storage devices. According to researchers, the SSD Insider ++ solution reduces SSD latency performance by 17% and maximum device throughput by 8%.
Nonetheless, researchers consider protecting sensitive data from attackers a fair trade-off. In addition, most users do not have ransomware protection software installed on their systems, so they said they developed the security solution mentioned above. As a result, the SSD drive has a built-in security solution that leaves the user protected without any additional security software.
“Many people know the idea of firmware-level detection. [users] Do not install ransomware protection software. Therefore, I thought it would be great if we could protect people who did not have ransomware protection installed by providing ransomware protection SSDs. “ Dae Hun Nyang, one of the researchers on the development team and a PhD, said: At Ewha Womans University (EWU).
Therefore, when SSD Insider ++ is integrated into future SSDs, users will be protected from malicious ransomware attacks from cyber criminals. Also, because security solutions are at the hardware level, it is difficult for hackers to crack them before they break into the system.