Researchers unveil ransomware detection and recovery method for SSDs

20 September 2021 | 10:39 Code : 20289 news
visits:423
News Author: Naser Rezaii
Researchers unveil ransomware detection and recovery method for SSDs

The Register spoke with the researchers, who come from Inha University, the Daegu Gyeongbuk Institute of Science & Technology (DGIST), the University of Central Florida (UCF), and the Cyber Security Department at Ewha Womans University (EWU). The system, called SSD-Insider, is supposedly almost 100 percent accurate and has been tested on real-world ransomware.

SSD-Insider works by recognizing certain patters in SSD activity that are known to indicate ransomware. "To recognize ransomware activity by viewing only the distribution of IO request headers, we have paid attention to a ransomware’s very unique behavior, overwriting," reads the team's research paper proposing SSD-Insider. It specifically points out the behavior of ransomware like WannaCry, Mole, and CryptoShield.

"When ransomware activity is detected by SSD-Insider++, input/output to the storage is suspended," Inha researcher DaeHun Nyang told The Register. "During the suspension, users can remove the ransomware process."

https://www.techspot.com/community/topics/researchers-unveil-ransomware-detection-and-recovery-method-for-ssds.271015/?fr=operanews

Naser Rezaii

News Author

tags: ransomware ssd ssd insider activity university insider s


Your Comment :