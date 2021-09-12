Researchers are trying to develop a smart SSD that blocks ransomware attacks. Called SSD-Insider ++, the device would be able to detect infections and reverse encryption in a matter of seconds, all at the firmware level. The improvement could be implemented with no major effects other than a small increase in latency.

The component still exists only as a concept. Its basis is based on a study involving scientists from the South Korean institutions Inha University, the Daegu Gyeongbuk Institute of Science and Technology and the Department of Cyber ​​Security at Ewha Womans University, in collaboration with a researcher from the University of Central Florida, in the United States.

The functioning of SSD-Insider++ would consist of looking for patterns of activity that correspond to ransomware attacks — in which important files are encrypted by the attacker, and released only upon payment of a ransom. Instead of doing this with software, the action would be performed by the SSD’s firmware.

Intelligent storage would block data in and out as soon as it identified suspicious activity. A companion application would then display a notification about the infection to the user, who could then remove the ransomware. “I got the idea of ​​firmware-level detection because I know many [usuários] they don’t install anti-ransomware software,” DaeHun Nyang, a researcher at Ewha Womans University and founder of the project, told The Register.

Ransomware-protected SDDs are already on the market. Startup Cigent, for example, manufactures storage that works in conjunction with Windows 10 to identify and block the attack. The news of the South Korean research is that, because it works at the firmware level, the technology could be applied to existing units without changing the hardware.

Another differential of SSD-Insider++ is that it would be able to reverse any possible data damage in a matter of seconds, without having to copy information. Recovery would happen thanks to NAND flash drives’ characteristic of deleting data with delay. “This allows us to back up the original files without any extra copies and instantly roll back the infected files if necessary,” explained Nyang.

With information from The Register

