Researchers unveil ransomware detection and recovery method for SSDs
The Register spoke with the researchers, who come from Inha University, the Daegu Gyeongbuk Institute of Science & Technology (DGIST), the University of Central Florida (UCF), and the Cyber Security Department at Ewha Womans University (EWU). The system, called SSD-Insider, is supposedly almost 100 percent accurate and has been tested on real-world ransomware.
SSD-Insider works by recognizing certain patterns in SSD activity that are known to indicate ransomware. "To recognize ransomware activity by viewing only the distribution of IO request headers, we have paid attention to a ransomware’s very unique behavior, overwriting," reads the team's research paper proposing SSD-Insider. It specifically points out the behavior of ransomware like WannaCry, Mole, and CryptoShield.
"When ransomware activity is detected by SSD-Insider++, input/output to the storage is suspended," Inha researcher DaeHun Nyang told The Register. "During the suspension, users can remove the ransomware process."
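A simplified sketch of the header-only idea described above, added here as an illustration and not code from the SSD-Insider paper or its authors: it looks only at IO request headers, counts writes that land on recently read blocks in each time slice, and reports when IO would be suspended. The slice width, thresholds, function names and the constructed traces are all assumptions.

```python
# Assumed tuning values for this sketch; not taken from the SSD-Insider paper.
SLICE_MS = 1_000      # width of one observation slice
RECENT_MS = 10_000    # a read block counts as "recently read" for this long
MIN_WRITES = 8        # ignore slices that write fewer blocks than this
RATIO = 0.8           # overwritten/written block ratio that marks a slice suspicious
CONSECUTIVE = 3       # suspicious slices in a row before IO is suspended


def detect(trace):
    """Return the ms timestamp at which IO would be suspended, or None."""
    # trace: IO headers (t_ms, op, lba, nblocks) sorted by time, op is "R" or "W".
    last_read = {}                      # lba -> time of the most recent read
    slice_end = None
    writes = overwrites = streak = 0
    for t, op, lba, n in trace:
        if slice_end is None:
            slice_end = t + SLICE_MS
        while t >= slice_end:           # close every slice that ended before t
            hot = writes >= MIN_WRITES and overwrites >= RATIO * writes
            streak = streak + 1 if hot else 0
            if streak >= CONSECUTIVE:
                return slice_end
            writes = overwrites = 0
            slice_end += SLICE_MS
        for block in range(lba, lba + n):
            if op == "R":
                last_read[block] = t
            else:
                writes += 1
                read_at = last_read.pop(block, None)
                if read_at is not None and t - read_at <= RECENT_MS:
                    overwrites += 1     # write onto a recently read block
    # Close the final, partially filled slice at end of trace.
    hot = writes >= MIN_WRITES and overwrites >= RATIO * writes
    if slice_end is not None and hot and streak + 1 >= CONSECUTIVE:
        return slice_end
    return None


def make_trace(files, in_place, blocks=8):
    """Constructed sample: read each file, then write it 50 ms later."""
    # in_place=True writes the same LBAs back; False writes a fresh range (a copy).
    trace = []
    for i in range(files):
        lba = 1_000 + i * blocks
        dest = lba if in_place else lba + 1_000_000
        trace += [(i * 100, "R", lba, blocks), (i * 100 + 50, "W", dest, blocks)]
    return trace
```

On the constructed traces, sustained read-then-overwrite activity is flagged after three slices, while a file copy with the same IO volume and a short burst of in-place rewrites are not.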
https://www.techspot.com/community/topics/researchers-unveil-ransomware-detection-and-recovery-method-for-ssds.271015/?fr=operanews