TheLostSwede
News Editor
- Joined
- Nov 11, 2004
- Messages
- 16,062 (2.26/day)
- Location
- Sweden
| System Name | Overlord Mk MLI |
|---|---|
| Processor | AMD Ryzen 7 7800X3D |
| Motherboard | Gigabyte X670E Aorus Master |
| Cooling | Noctua NH-D15 SE with offsets |
| Memory | 32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68 |
| Video Card(s) | Gainward GeForce RTX 4080 Phantom GS |
| Storage | 1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000 |
| Display(s) | Acer XV272K LVbmiipruzx 4K@160Hz |
| Case | Fractal Design Torrent Compact |
| Audio Device(s) | Corsair Virtuoso SE |
| Power Supply | be quiet! Pure Power 12 M 850 W |
| Mouse | Logitech G502 Lightspeed |
| Keyboard | Corsair K70 Max |
| Software | Windows 10 Pro |
| Benchmark Scores | https://valid.x86.fr/5za05v |
Over the past couple of years there has been a huge increase in ransomware attacks, and now scientists claim to have a solution that could help protect SSDs from getting encrypted by ransomware. The SSD-Insider++, as the solution has been named, claims to be able to detect ransomware activity and reverse the encryption on the fly.
SSD-Insider++ was developed by a group of engineers from South Korea's Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU), as well as a researcher from the University of Central Florida in the US. It's a firmware level based protection that looks for patterns of ransomware activity on the drive and stops it before any damage has been done.
This is done by suspending the I/O to the SSD, and this will apparently give the user a chance to remove the ransomware on the system, before it has a chance to encrypt the data. The creators of SSD-Insider++ also claim that any damage that might have occurred before the ransomware was detected, can be reversed in a matter of seconds, simply by using data held in the NAND flash before the data has been trimmed.
Furthermore, there are claims of being able to detect 100 percent of ransomwares in the wild and reversing any damage caused within 10 seconds of the encryption starting, thanks to a firmware level implementation. SSD-Insider++ does come with an increase in SSD latency of somewhere between 12.8 and 17.3 percent in the test scenarios, as well a worst case drop in throughput of about eight percent. By implementing it on a firmware level, workaround ought to be harder, but maybe not impossible.
Outside of the performance hit on current SSD controllers, the creators of SSD-Insider++ seem to think that we're going to need faster Arm cores and/or additional computing resources such as an NPU or a faster encryption/decryption engine in future SSD controllers to add advanced features such as entropy-based detection.
As to whether we'll see this technology implemented by any of the SSD controller manufacturers is most likely just a matter of time, at least on the enterprise side of things. Several Korean SSD controller manufacturers have already been contacted, but so far there hasn't been any real interest.
View at TechPowerUp Main Site
SSD-Insider++ was developed by a group of engineers from South Korea's Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU), as well as a researcher from the University of Central Florida in the US. It's a firmware level based protection that looks for patterns of ransomware activity on the drive and stops it before any damage has been done.
This is done by suspending the I/O to the SSD, and this will apparently give the user a chance to remove the ransomware on the system, before it has a chance to encrypt the data. The creators of SSD-Insider++ also claim that any damage that might have occurred before the ransomware was detected, can be reversed in a matter of seconds, simply by using data held in the NAND flash before the data has been trimmed.
Furthermore, there are claims of being able to detect 100 percent of ransomwares in the wild and reversing any damage caused within 10 seconds of the encryption starting, thanks to a firmware level implementation. SSD-Insider++ does come with an increase in SSD latency of somewhere between 12.8 and 17.3 percent in the test scenarios, as well a worst case drop in throughput of about eight percent. By implementing it on a firmware level, workaround ought to be harder, but maybe not impossible.
Outside of the performance hit on current SSD controllers, the creators of SSD-Insider++ seem to think that we're going to need faster Arm cores and/or additional computing resources such as an NPU or a faster encryption/decryption engine in future SSD controllers to add advanced features such as entropy-based detection.
As to whether we'll see this technology implemented by any of the SSD controller manufacturers is most likely just a matter of time, at least on the enterprise side of things. Several Korean SSD controller manufacturers have already been contacted, but so far there hasn't been any real interest.
View at TechPowerUp Main Site
